AB 370, as amended, Muratsuchi. Consumers: online tracking.
Existing law, subject to specified exceptions, requires a business that discloses a customer’s personal information to a 3rd party for direct marketing purposes to provide the customer, within 30 days after the customer’s request, as specified, in writing or by e-mail the names and addresses of the recipients of that information and specified details regarding the information disclosed.end delete
This bill would declare the intent of the Legislature to enact legislation that would regulate online behavioral tracking of consumers.end delete
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
(a) An operator of a commercial Web site or online
4service that collects personally identifiable information through
5the Internet about individual consumers residing in California who
6use or visit its commercial Web site or online service shall
8of an operator of an online service, make that policy available in
9accordance with paragraph (5) of subdivision (b) of Section 22577.
10An operator shall be in violation of this subdivision only if the
11operator fails to post its policy within 30 days after being notified
14of the following:
15(1) Identify the categories of personally identifiable information
16that the operator collects through the Web site or online service
17about individual consumers who use or visit its commercial Web
18site or online service and the categories of third-party persons or
19entities with whom the operator may share that personally
28 If the operator maintains a process for an individual
29consumer who uses or visits its commercial Web site or online
30service to review and request changes to any of his or her
P3 1personally identifiable information that is collected through the
2Web site or online service, provide a description of that process.
4 Describe the process by which the operator notifies
5consumers who use or visit its commercial Web site or online
7that Web site or online service.
9 Identify its effective date.
For the purposes of this chapter, the following
14(a) The term “personally identifiable information” means
15individually identifiable information about an individual consumer
16collected online by the operator from that individual and
17maintained by the operator in an accessible form, including any
18of the following:
19(1) A first and last name.
20(2) A home or other physical address, including street name and
21name of a city or town.
22(3) An e-mail address.
23(4) A telephone number.
24(5) A social security number.
25(6) Any other identifier that permits the physical or online
26contacting of a specific individual.
27(7) Information concerning a user that the Web site or online
28service collects online from the user and maintains in personally
29identifiable form in combination with an identifier described in
31(b) The term “conspicuously post” with respect to a privacy
35the Web page is the homepage or first significant page after
36entering the Web site.
37(2) An icon that hyperlinks to a Web page on which the actual
39the first significant page after entering the Web site, and if the icon
40contains the word “privacy.” The icon shall also use a color that
P4 1contrasts with the background color of the Web page or is
3(3) A text link that hyperlinks to a Web page on which the actual
5or first significant page after entering the Web site, and if the text
6link does one of the following:
7(A) Includes the word “privacy.”
8(B) Is written in capital letters equal to or greater in size than
9the surrounding text.
10(C) Is written in larger type than
the surrounding text, or in
11contrasting type, font, or color to the surrounding text of the same
12size, or set off from the surrounding text of the same size by
13symbols or other marks that call attention to the language.
14(4) Any other functional hyperlink that is so displayed that a
15reasonable person would notice it.
16(5) In the case of an online service, any other reasonably
18consumers of the online service.
19(c) The term “operator” means any person or entity that owns
20a Web site located on the Internet or an online service that collects
21and maintains personally identifiable information from a consumer
22residing in California who uses or visits the Web site or online
23service if the Web site or online service is operated for commercial
24purposes. It does not include any third party that operates, hosts,
25or manages, but does not own, a Web site or online service on the
26owner’s behalf or by processing information on behalf of the
28(d) The term “consumer” means any individual who seeks or
29acquires, by purchase or lease, any goods, services, money, or
30credit for personal, family, or household purposes.
It is the intent of the Legislature to enact
36legislation that would regulate online behavioral tracking of