SB 849, as introduced, Anderson. Consumers: Internet privacy.
Existing law requires an operator of a commercial Internet Web site or online service that collects personally identifiable information through the Internet about consumers residing in California who use or visit its commercial Internet Web site or online service to conspicuously post its privacy policy on its Internet Web site or online service and to comply with that policy. Existing law requires that the privacy policy specify how personally identifiable information is managed by the operator.
This bill would make nonsubstantive changes to this law.
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
Section 22575 of the Business and Professions
2Code is amended to read:
(a) An operator of a commercial Web site or online
4service that collects personally identifiable information through
5the Internet about individual consumers residing in California who
6use or visit its commercial Web site or online service shall
7conspicuously post its privacy policy on its Web site, or in the case
8of an operator of an online service, make that policy available in
P2 1accordance with paragraph (5) of subdivision (b) of Section 22577.
2An operator shall be in violation of this subdivision only if the
3operator fails to post its policy within 30 days after being notified
4of noncompliance.
5(b) The privacy policy required by subdivision (a) shall do all
6of the following:
7(1) Identify the categories of personally identifiable information
8that the operator collects through the Web site or online service
9about individual consumers who use or visit its commercial Web
10site or online service and the categories of third-party persons or
11entities with whom the operator may share that personally
12identifiable information.
13(2) If the operator maintains abegin delete processend deletebegin insert procedureend insert for an
14individual consumer who uses or visits its commercial Web site
15or online service to review and request changes to any of his or
16her personally identifiable information that is collected through
17the Web site or online service, provide a description of thatbegin delete processend delete
18begin insert
procedureend insert.
19(3) Describe thebegin delete processend deletebegin insert procedureend insert by which the operator
20notifies consumers who use or visit its commercial Web site or
21online service of material changes to the operator’s privacy policy
22for that Web site or online service.
23(4) Identify its effective date.
24(5) Disclose how the operator responds to Web browser “do not
25track” signals or other mechanisms that provide consumers the
26ability to exercise choice regarding the collection of personally
27identifiable information about an individual consumer’s online
28activities over time and across third-party Web sites or online
29services,
if the operator engages in that collection.
30(6) Disclose whether other parties may collect personally
31identifiable information about an individual consumer’s online
32activities over time and across different Web sites when a consumer
33uses the operator’s Web site or service.
34(7) An operator may satisfy the requirement of paragraph (5)
35by providing a clear and conspicuous hyperlink in the operator’s
36privacy policy to an online location containing a description,
37including the effects, of any program or protocol the operator
38follows that offers the consumer that choice.
O
99