The 2014 Enhanced Online Privacy Laws: What They Mean for Website Owners

The 2014 Online Privacy Laws

Online privacy and more specifically disclosing to consumers if and how their visitor data is being tracked is now an important matter for all website owners.

As of January 1, 2014, there are specific requirements to provide ‘enhanced’ privacy notices about the tracking practices you use. This holds true whether you are the one doing the tracking, or some other entity is involved.

Online privacy is now a very hot button topic for consumers. We’ve developed a strong sense of concern about what happens with our private information following the recent security breaches at Target and other large retailers. Alarms raised over the tracking of personal data by the NSA have also given us a wake up call.

As business owners in the virtual world, we now have a responsibility to our customers to clearly disclose our online privacy policy related to two specific issues.

The Two Major Compliance Issues Affecting Your Treatment of Online Privacy

1) The Better Business Bureau now has an Online Interest-Based Advertising Accountability Program, which regulates behavioral advertising across the Internet. Under the current regulations, website owners are required to give site visitors ‘enhanced notice‘ (meaning it has to be in an obvious location, not buried in your privacy policy) whenever their data is gathered for Online Behavioral Advertising (OBA).

OBA uses information gathered from multiple unaffiliated web sites to predict a user’s preferences, and display ads most likely to interest consumers. The Better Business Bureau began auditing and enforcing their accountability program on January 1, 2014.

2) There is a new amended California Internet Privacy Law, which requires operators of a commercial Internet website or online service (including mobile apps) that collect personally identifiable information (PII) about consumers residing in California who use or visit its website or service to disclose how it responds to “do not track” signals or other mechanisms that provide consumers a choice regarding the tracking of their online activities, and to disclose whether others may collect PII when they use the operator’s website or online service. The legalese is long, I know, but you get the drift.

In other words, if your website can or does collect information about California residents, then you need to be in compliance with the new law by adding the disclosures. A case in point, as highlighted in this article, would be if you allow a third party to place ads on your site and the advertiser places “cookies” on the user’s browser to allow them to track that user’s movements across domains, you would likely need to disclose that fact to your users.

About the ‘Do not Track’ Online Privacy Provision

Do not track‘ is intended to work in much the same way as the more familiar ‘do not call’ request for opting out of unwanted calls, except it asks whatever sites you visit not to track your movements for the purpose of delivering ‘like it or not’ ad content. But unlike ‘do not call’, there’s no current requirement that the site receiving your ‘do not track’ signal has to honor your request. It just has to disclose its policy about how the requests are handled in plain view.

About the Third Party Online Privacy Disclosure

In the past, website owners tended to rely on whatever advertising network they subscribed to for sharing specific tracking details to consumers. With the new law, the responsibility falls directly on the owner of the individual website. The California law is the first in the United States to impose disclosure requirements on website publishers that track consumers’ online behavior.

Who the Online Privacy Regulations Affect

Generally, the new rules apply to you if:

  • You use any kind of advertising network (including those WordPress plugins that feature posts from around the web on your site in exchange for showing your content on other sites)
  • You have affiliate links on your site
  • You host AdSense ads on your site
  • You use Google Analytics that track your visitor’s activity on your site or blog
  • You capture personal identifying information through forms handled by third parties on your site or blog
  • Your site places cookies on your visitor’s computer
How to Comply with the 2014 Online Privacy Regulations

I’ve read a good amount of information on this subject, and there doesn’t seem to be a universal standard for complying with these new changes. As best as I can determine, here’s what you can do in the near term to keep the Better Business Bureau away from your door.

If your site ignores ‘do not track’ signals (and most do because they are fairly new), you need to make that obvious to your site visitors. If you do happen to honor them, you need to also clarify how you do that to be in compliance.

If you are a network or affiliate marketer, or you allow third party advertising on your site or blog, you need to let your site visitors know that you’re using online behavioral tracking technology.

In the interest of transparency, you should state whether you use Google Analytics. While their tracking is anonymous (it doesn’t mine personal identifying information like names and email) it should be noted in your privacy policy. Note that this is also part of the user agreement for having Google Analytics on your site.

If you have affiliate links on your pages or posts, it should be clear that you will receive compensation if someone buys through one of your links.

If you writing about a product that you received a sample or review copy of, you need to mention it.

If your site creates cookies, you should say so prominently and explain how they are used. The Pillsbury Law site does a very neat job of this by adding a statement at the very top of their web pages.

If you collect information from web forms, your privacy policy should identify what happens to it (it gets emailed, put into a database, etc.) and what you do with it (send out newsletters and special offers). The law doesn’t seem to apply to situations where visitors willingly share their data with you, but, as in the case of Google Analytics, it is best to conform to the spirit of online consumer privacy law, which is all about transparency.

Well, It looks like we’ve got some work to do. How do you feel about the new online privacy regulations? Were you aware of them before? Add your comment below.
 
 
is the author of this post about online privacy. Please feel free to share it, if you found it helpful to your business. Thanks for visiting!


Pin It
The following two tabs change content below.
I am a small business success coach and mobile app developer. I help my clients leverage cutting edge technologies to get and keep more customers.

24 Responses to “The 2014 Enhanced Online Privacy Laws: What They Mean for Website Owners”

  1. Great information. Thank you for the post!

  2. Meryl says:

    It is nice to be informed. So many changes are always taking place it can be overwhelming to keep up with everything. Thank you for sharing this valuable information.
    Meryl recently posted..Energy PsychologyMy Profile

  3. Kungphoo says:

    Very interesting article! I never knew any of this! Thanks for sharing!

  4. Jessica says:

    it’s so difficult running a small business and the guidance you provide here is so appreciated and needed!

  5. Veronica says:

    This is great information and very important to know.
    Veronica recently posted..Tip For Tuesday: Have A Plan When DecoratingMy Profile

  6. Nate Leung says:

    Hi Dawn,

    This is good to know. Most do not bring this topic up but I’m glad you did. I will look this over again. Thanks for sharing this Dawn. 🙂
    Nate Leung recently posted..5 Reasons Why Worry Will Not Help You in Your BusinessMy Profile

    • Dawn Lanier says:

      Glad you found this helpful Nate. As business owners, it’s important for us to be aware of things that can impact what we do, especially when it comes to legal issues. Thanks for your comment!

  7. Roz says:

    I was unaware of this but checked with my web developer awhile ago . Probably need to discuss again since we use google analytics. I like the way you stated your enhanced policy notice, not just because it is in purple but because it demonstrates that you are practicing what you preach.
    Not sure if I’ll do anything different just yet. Thanks for the info.
    Roz recently posted..Love on Valentine’s DayMy Profile

    • Dawn Lanier says:

      Thanks Roz. I probably would discuss it again with your web developer, especially since yours is an ecommerce site that may use cookies and/or attract California visitors. Better to be safe than sorry. By the way, you just proved that people really do notice when you walk your talk 🙂 I appreciate your mentioning that!

  8. Dawn, what a valuable post. I am sharing! As someone who appreciates compliance and risk management, I really got valuable information from your post. I love your enhanced privacy notice. Does the law state how prominent these disclosures need to be? Good stuff. Thanks!!
    Tandy Elisala recently posted..What it means to be a family advocate: Day 1 of 30 day Family Caregiver SeriesMy Profile

    • Dawn Lanier says:

      Thank you for visiting my blog Tandy, and for your kind words – they are appreciated! The guidelines suggest that enhanced notices should be in a ‘no miss’ location on your site, where they are likely to be seen by any visitor.

  9. wow lots to know. I will have to learn more about all this. Thank you Dawn.
    Carele Belanger recently posted..Anthony Robbins is interested about what I do?My Profile

  10. Wow, I did not know about these new privacy laws! Thank you so much for sharing the information with us!
    Marielle Altenor recently posted..Homemade Taco PieMy Profile

  11. Pat Moon says:

    I had no idea of this new law.. wow, it seems overwhelming! I notice your statement, would we be able to use such a statement on our site to protect us if we use wordpress.org? Most privacy laws make my eyes and brain glaze over. I’m not happy about this but looks like what is happening. Thanks for bringing it to our attention.
    Pat Moon recently posted..How Do You Eat A Box Of Chocolates?My Profile

    • Dawn Lanier says:

      Yes Pat, you absolutely can use such a statement on a WordPress.org site. That’s what I’m doing here. The new changes apply to all sites, regardless of their hosting platform. PS – I know what you mean about Privacy statements making your eyes glaze over (great visual by the way) but having one is a necessary part of business. Thanks for your comment.

  12. Thank you for sharing. I haven’t heard anything about the new changes until I saw your post on Facebook.
    Christy Garrett recently posted..DIY Captain America ShieldMy Profile

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge