as amended, Muratsuchi. Consumers:
begin delete online tracking.end delete
This bill would require an operator to disclose
begin delete whether or not it honors a request from a consumer to disable online tracking, as defined, of the consumer who visits or uses its commercial Web site or online
service. The bill would also require an operator to disclose if it allows 3rd parties to conduct online tracking on the commercial Web site or online service and whether there is a means to disable this tracking.end delete
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
Section 22575 of the Business and Professions
2Code is amended to read:
(a) An operator of a commercial Web site or online
4service that collects personally identifiable information through
5the Internet about individual consumers residing in California who
6use or visit its commercial Web site or online service shall
8of an operator of an online service, make that policy available in
9accordance with paragraph (5) of subdivision (b) of Section 22577.
10An operator shall be in violation of this subdivision only if the
11operator fails to post its policy within 30 days after being notified
14of the following:
15(1) Identify the categories of personally identifiable information
16that the operator collects through the Web site or online service
17about individual consumers who use or visit its commercial Web
18site or online service and the categories of third-party persons or
19entities with whom the operator may share that personally
21(2) If the operator maintains a process for an individual
22consumer who uses or visits its commercial Web site or online
23service to review and request changes to any of his or her
24personally identifiable information that is collected through the
25Web site or online service, provide a description of that process.
26(3) Describe the process by which the
27consumers who use or visit its commercial Web site or online
2that Web site or online service.
3(4) Identify its effective date.
4(5) Disclose how the operator responds to Web browser “do not
5track” signals or other
begin delete similarend delete mechanisms regarding begin delete online tracking, as defined .
7in subdivision (e) of Section 22577, when an individual consumer
8uses or visits the commercial Web site or online serviceend delete
13(6) Disclose whether other parties
begin delete on the operator’s commercial .
14Web site or online service are or may be conducting online
15tracking, as defined in subdivision (e) of Section 22577, and what,
16if any, program, solution, protocol, or mechanism the operator
17follows that offers consumers who use or visit its commercial Web
18site or online service the ability to exercise a choice regarding
19whether to permit this collection. The operator shall also offer
20information regarding how the consumer can use the program,
21solution, protocol, or mechanismend delete
Section 22577 of the Business and Professions Code
31 is amended to read:
For the purposes of this chapter, the following
34(a) The term “personally identifiable information” means
35individually identifiable information about an individual consumer
36collected online by the operator from that individual and
37maintained by the operator in an accessible form, including any
38of the following:
39(1) A first and last name.
P4 1(2) A home or other physical address, including street name and
2name of a city or town.
3(3) An e-mail address.
4(4) A telephone number.
5(5) A social security number.
6(6) Any other identifier that permits the physical or online
7contacting of a specific individual.
8(7) Information concerning a user that the Web site or online
9service collects online from the user and maintains in personally
10identifiable form in combination with an identifier described in
12(b) The term “conspicuously post” with respect to a privacy
15(1) A Web page on which the actual
16the Web page is the homepage or first significant page after
17entering the Web site.
18(2) An icon that hyperlinks to a Web page on which the actual
20the first significant page after entering the Web site, and if the icon
21contains the word “privacy.” The icon shall also use a color that
22contrasts with the background color of the Web page or is
24(3) A text link that hyperlinks to a Web page on which the actual
26or first significant page after entering the Web site, and if the text
27link does one of the following:
28(A) Includes the word “privacy.”
29(B) Is written in capital letters equal to or greater in size than
30the surrounding text.
31(C) Is written in larger type than the surrounding text, or in
32contrasting type, font, or color to the surrounding text of the same
33size, or set off from the surrounding text of the same size by
34symbols or other marks that call attention to the language.
35(4) Any other functional hyperlink that is so displayed that a
36reasonable person would notice it.
37(5) In the case of an online service, any other reasonably
39consumers of the online service.
P5 1(c) The term “operator” means any person or entity that owns
2a Web site located on the Internet or an online service that collects
3and maintains personally identifiable information from a consumer
4residing in California who uses or visits the Web site or online
5service if the Web site or online service is operated for commercial
6purposes. It does not include any third party that operates, hosts,
7or manages, but does not own, a Web site or online service on the
8owner’s behalf or by processing information on behalf of the
10(d) The term “consumer” means any individual who seeks or
11acquires, by purchase or lease, any goods, services, money, or
12credit for personal, family, or household purposes.
13(e) The term “online tracking” means the practice of collecting
14personally identifiable information about an individual consumer’s
15online activities over time and across different Web sites and online
16services, for any use other than the internal business purposes of
17the commercial Web site or online service through which the
18tracking is conducted.
19(f) The term “internal business purposes” means those activities
20necessary to maintain or analyze the functioning of the commercial
21Web site or online service, perform network communications,
22authenticate users of the commercial Web site or online service,
23and ensure legal or regulatory compliance, provided that the
24information collected for these activities is not used or disclosed
25for any other purpose.