AB 242, as introduced, Chau. Privacy: Internet.
Existing law requires an operator of a commercial Web site or online service that collects personally identifiable information through the Internet, about individual consumers residing in California who use or visit its commercial Web site or online service, to make its privacy policy available to consumers, as specified.
This bill would require the privacy policy to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
Section 22575 of the Business and Professions
2Code is amended to read:
(a) An operator of a commercial Web site or online
4service that collects personally identifiable information through
P2 1the Internet about individual consumers residing in California who
2use or visit its commercial Web site or online service shall
3conspicuously post its privacy policy on its Web site, or in the case
4of an operator of an online service, make that policy available in
5accordance with paragraph (5) of subdivision (b) of Section 22577.
6An operator shall be in violation of this subdivision only if the
7operator fails to post its policy within 30 days after being notified
8of noncompliance.
9(b) The privacy policy required by subdivision (a) shall do all
10of the following:
11(1) Identify the categories of personally identifiable information
12that the operator collects through the Web site or online service
13about individual consumers who use or visit its commercial Web
14site or online service and the categories of third-party persons or
15entities with whom the operator may share that personally
16identifiable information.
17(2) If the operator maintains a process for an individual
18consumer who uses or visits its commercial Web site or online
19service to review and request changes to any of his or her
20personally identifiable information that is collected through the
21Web site or online service, provide a description of that process.
22(3) Describe the process by which the operator notifies
23consumers who use or visit its commercial Web site or online
24service of material changes to the operator’s privacy
policy for
25that Web site or online service.
26(4) Identify its effective date.
begin insert
27(c) The privacy policy required by this section shall be no more
28than 100 words and shall be written in clear and concise language
29at no greater than an eighth grade reading level. The privacy
30policy shall include a statement indicating whether the personally
31identifiable information may be sold or shared with others, and if
32so, how and with whom the information may be shared.
O
99