Twitter Logo Youtube Circle Icon LinkedIn Icon

Israel > Legal Developments > Law firm and leading lawyer rankings

Editorial

Changes in California’s Privacy Law Have Worldwide Impact

If you are the operator of a commercial internet website, an online service or a mobile application (app) ("Operator") and you collect personally identifiable information (PII) 1about consumer residing in California, you need to update your privacy policy following the enactment of a new California law in order to avoid potentially significant penalties.

If you are the operator of a commercial internet website, an online service or a mobile application (app) ("Operator") and you collect personally identifiable information (PII) 1about consumer residing in California, you need to update your privacy policy following the enactment of a new California law in order to avoid potentially significant penalties.

The new California law, which went into effect on of January 1, 2014, states that any Operator, whether or not located in California, that collects and maintains PII regarding California residents ("Users") must add two more disclosures to its privacy policy. First, the Operator is now required to disclose how it responds to "Do Not Track" signals or other similar mechanisms, if the Operator collects PII about a User's online activities over time and across third-party websites or online services. "Do Not Track" mechanisms are small pieces of code that signal to a website or an app that the User does not want his or her activity to be tracked by the Operator. Users typically operate a "Do Not Track" mechanism through the web browser they are using. The new California law requires Operators to disclose whether or not they abide by such mechanisms. The law specifies that the Operator can satisfy this requirement by providing a clear and conspicuous hyperlink in its privacy policy to an online location containing a description of any program or protocol the Operator follows that allows the User to express its preferences.

Second, the law requires Operators to disclose whether other parties may collect PII about a User's online activities over time and across third-party websites or online services. In other words, privacy policies now need to disclose whether third parties may collect PII through the Operator's site, service or app. The law does not state that the Operators must reveal the identity of such third parties, but only to acknowledge such tracking may be done by others.

It is noteworthy that the law does not mandate the Operator to honor a User's use of "Do Not Track" mechanisms. It simply mandates a disclosure of the way in which the Operator responds to these mechanisms. Furthermore, the law does not apply to Operators that do not collect PII "about an individual consumer's online activities over time and across third-party websites or online services". However, we would advise clients to state explicitly that no such collection is being made by the Operator.

Conclusions
If you fall within the law's requirements, you should take this opportunity to examine your privacy policy to determine what changes are required, if any.

Please consult with us if you are not sure whether your privacy policy fulfils these terms or if you would like us to revise it accordingly.

This memorandum is provided solely for informational and educational purposes and should not be construed as a legal advice.

If you have any questions regarding the subject of this article, please contact the following attorneys or call your regular Meitar contact:
David Mirchin, Adv.   Tel: +972-3-610-3199   dmirchin@meitar.com
Yael Kalman, Adv.    Tel: +972-3-610-3624   yaelk@meitar.com       
Chen Zilberman Neeman, Adv.   Tel: +972-3-610-3108   chenn@meitar.com   

______________________________________________________________________________________________

The term "Personally Identifiable Information" is defined broadly by the existing California Law, and it means "individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form".

 
 

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs