This is a short overview of privacy policies for websites and apps in the US.
Most privacy-related rules are still found at the state level; only a few are based on federal law. California usually sets the pace in privacy law, protecting its residents from data-hungry organizations.
Among the most important developments:
- the CCPA, California’s newest privacy law aimed at enhancing consumer privacy rights for residents of California;
- the Attorney General’s application of CalOPPA (Section 22575 of the Business and Professions Code that handles the privacy disclosures at large) to mobile applications; and
- CalOPPA’s amendment related to the Do Not Track process.
Usually the trigger for needing a privacy policy is the collection or sharing of personal information such as names, emails, images or any other means of identifying a returning user (the way ad networks serve targeted advertising, for example). “Commercial” is an often-used trigger for privacy policies, and the term is generally defined very broadly.
The same is true for California.
The introduction to Do Not Track reads like this:
The term “online service” extends to mobile apps.
What do I care about California?
If you’d like to reread the above quote, then you’ll find the answer:
The California Consumer Privacy Act puts in place new requirements for processing personally identifiable information, and grants consumers additional rights. The law is set to become effective on January 1st, 2020, and to become fully enforceable on July 1st, 2020.
Like CalOPPA, it applies not only to California businesses but to any business that impacts people in California.
Do Not Track
“Do Not Track” is information that a browser communicates to a website to indicate that the user does not want to be “tracked”.
What about federal laws?
There are federal laws as well. The most important in our vertical is the Children’s Online Privacy Protection Act (COPPA).
COPPA – Children’s Online Privacy Protection Act
COPPA was enacted by Congress in 1998 and required the Federal Trade Commission to issue and enforce regulations concerning children’s online privacy. The primary goal of COPPA is to protect children’s privacy online (and likewise in the mobile ecosystem). COPPA puts parents in control of what information is collected from their children and how it is used.
When do you as a web or mobile developer or operator/owner of these services fall under COPPA? And what does that fact mean for you?
The Rule applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children. It also applies to operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
Read a more thorough guide about COPPA and websites or mobile apps.
Other special requirements – HIPAA
There are other special laws that should not be forgotten, such as HIPAA, the Health Insurance Portability and Accountability Act. It is mostly not relevant for our users, so please get in touch if you have any questions regarding it.
Our international approach
If there are any more questions, we are always happy to take them.