Do you Need a California Privacy Policy?

Chances are, companies have been making your inbox rain with privacy policy-related emails. If you don’t have a clue what’s going on, you can blame the European Union’s General Data Protection Regulation (GDPR) going into effect.


Even though the GDPR technically only applies to data and privacy within the EU (and to the export of personal data outside of the EU), most of the companies you’ve subscribed to have some sort of European presence.

This, plus the fact that people are much more sensitive about their data privacy these days, makes it imperative for most companies to become GDPR-compliant and avoid a huge fine (à la Google).


The GDPR has been years in the making, and California was thankfully ahead of the curve with its California Online Privacy Protection Act (CalOPPA). Long story short, if you’re running a commercial website or mobile app and collect personally identifiable information from Californians, you need a conspicuous privacy policy on your site.

Your privacy policy should:


1. Prominently label the section of your policy regarding online tracking, for example: “California Do Not Track Disclosures.”

2. Describe how you respond to a browser’s Do Not Track signal or similar mechanisms within your privacy policy instead of providing a link to another website.

3. If third parties are or may be collecting personally identifiable information, say so in your privacy policy.

4. Explain your uses of personally identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of the website or app.

5. Describe what personally identifiable information you collect from users, how you use it and how long you retain it.

6. Describe the choices a consumer has regarding the collection, use and sharing of his or her personal information.

7. Use plain, straightforward language that avoids legal jargon and use a format that makes the policy readable, such as a layered format. Use graphics or icons instead of text.

That’s it! Even though a lot of people don’t read the fine print, it’s just good ethics not to create overly complicated policies that could swindle your users/customers.