Online Privacy Protection Act
Encyclopedia
The California Online Privacy Protection Act of 2003 (OPPA), effective as of July 1, 2004, is a California State Law. According to this law, operators of commercial websites that collect personally identifiable information from California's residents are required to conspicuously post and comply with a privacy policy
that meets certain requirements.
, visiting such web pages. This act, however, is not applicable to ISPs or similar entities who record data upon request from a third party.
In this case, confidential personal information, collected online, includes first and last names, a street address, an email address, a telephone number, a social security number
, or various other data which allows the tracking of a user. Personally identifiable information can include date of birth, height, weight, etc, when this information is recorded and stored online by the operator in combination with one of the above identifiers. An individual user is one seeking to or acquiring goods or services, money or credit for himself, his family, or his household.
The owner of a website can be subject to legal actions over OPPA within 30 days of being notified for not posting the privacy policy or not meeting the law's criteria. The owner could be faulted for his negligence, possibly even consciously, over his inability to comply with the act, which ultimately results to charges filed against him for this noncompliance.
privacy policy required clicking on "About Google" on its home page, which brought up a page that included a link to its privacy policy. New York Times reporter Saul Hansell posted a blog entry raising questions about Google's compliance with this act. A coalition of privacy groups also sent a letter to Google's CEO, Eric Schmidt, questioning the absence of a privacy policy link on its home page. According to Electronic Privacy Information Center
director Marc Rotenberg
, a lawsuit challenging Google's privacy policy practices as a violation of California law was not filed in the hope that their informal complaints could be resolved through discussions.
Later, Google added a direct link to its privacy policy on its homepage.
nor the company that created the web site has to be in California to be under the scope of the law. The web site only has to be accessible by California residents.
Privacy policy
Privacy policy is a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data...
that meets certain requirements.
Who must comply
This act is applicable to any individual or entity (corporation) that owns a commercial web page or an online service that collects and records confidential personal information from an individual living in CaliforniaCalifornia
California is a state located on the West Coast of the United States. It is by far the most populous U.S. state, and the third-largest by land area...
, visiting such web pages. This act, however, is not applicable to ISPs or similar entities who record data upon request from a third party.
In this case, confidential personal information, collected online, includes first and last names, a street address, an email address, a telephone number, a social security number
Social Security number
In the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary residents under section 205 of the Social Security Act, codified as . The number is issued to an individual by the Social Security Administration, an independent...
, or various other data which allows the tracking of a user. Personally identifiable information can include date of birth, height, weight, etc, when this information is recorded and stored online by the operator in combination with one of the above identifiers. An individual user is one seeking to or acquiring goods or services, money or credit for himself, his family, or his household.
Requirements of the act
According to the act, the operator of a website must post a distinctive and easily-found link to the website's privacy policy. The privacy policy must detail the kinds of information gathered by the website, how the information may be shared with other parties, and, if such a process exists, describe the process the user can use to review and make changes to their stored information. It also must include the policy's effective date and a description of any changes since then.The owner of a website can be subject to legal actions over OPPA within 30 days of being notified for not posting the privacy policy or not meeting the law's criteria. The owner could be faulted for his negligence, possibly even consciously, over his inability to comply with the act, which ultimately results to charges filed against him for this noncompliance.
Consequences of non-compliance
As it does not contain enforcement provisions of its own, OPPA is expected to be enforced through California’s Unfair Competition Law (UCL), which prohibits unlawful, unfair or fraudulent business acts or practices. UCL may be enforced for violations of OPPA by government officials seeking civil penalties or equitable relief, or by private parties seeking private claims.Compliance by Google
In May 2008, getting to Google'sGoogle
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...
privacy policy required clicking on "About Google" on its home page, which brought up a page that included a link to its privacy policy. New York Times reporter Saul Hansell posted a blog entry raising questions about Google's compliance with this act. A coalition of privacy groups also sent a letter to Google's CEO, Eric Schmidt, questioning the absence of a privacy policy link on its home page. According to Electronic Privacy Information Center
Electronic Privacy Information Center
Electronic Privacy Information Center is a public interest research group in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values in the information age...
director Marc Rotenberg
Marc Rotenberg
Marc Rotenberg is President and Executive Director of the Electronic Privacy Information Center in Washington, DC. He teaches Information Privacy Law at Georgetown University Law Center, and testifies frequently before Congress on emerging privacy and civil liberties issues, such as access to...
, a lawsuit challenging Google's privacy policy practices as a violation of California law was not filed in the hope that their informal complaints could be resolved through discussions.
Later, Google added a direct link to its privacy policy on its homepage.
Scope
The act has a very broad scope, well beyond California’s border. Neither the web serverWeb server
Web server can refer to either the hardware or the software that helps to deliver content that can be accessed through the Internet....
nor the company that created the web site has to be in California to be under the scope of the law. The web site only has to be accessible by California residents.