A pamphlet with guidelines for privacy and Do Not Track policies for websites and mobile apps is available from the California Attorney General (AG).
While the guidelines focus on California law, they are helpful for websites based outside of California that collect personal data of California residents. In the past, California has been at the forefront of data privacy policies, so the guidelines are useful for all websites and mobile apps.
In addition to privacy policies, the pamphlet also outlines what developers should disclose regarding how they treat Do Not Track (DNT) browser signals from consumers. The Federal Trade Commission has recommended a uniform DNT signal for browsers. In 2013, California passed legislation requiring disclosure of how an operator responds to DNT signals as well as how third parties, who have access to the site, react to DNT signals.
- Explain the scope of the policy, such as whether it covers just online data collection and use practices or both online and offline practices.
- Make the policy recognizable by giving it a descriptive title.
- Make the policy conspicuously available to users and potential users by using a conspicuous link with larger type than the surrounding text, contrasting color, or symbols that call attention to it.
- Use plain, straightforward language, avoiding technical or legal jargon.
- Use short sentences.
- Describe how you collect personally identifiable information.
- Describe how you respond to a browser’s DNT signal or to another such mechanism.
- Explain how you use and share personally identifiable information.
- Explain how you protect your customers’ personal information from unauthorized or illegal access, modification, use, or destruction.
Companies that have not updated their website privacy policies recently might want to review them in light of the California AG’s guidelines.