How to include Do Not Track info in a privacy policy

Ever since the Do Not Track amendments were passed and became effective on January 1st, website and app owners around the world have wondered how best to comply with the changes.

The amendment added two new requirements to California’s so-called CalOPPA:

  1. the operator’s response to a browser DNT signal or to “other mechanisms,” and
  2. the possible presence of other parties conducting online tracking on the operator’s site or service.

Now the California Attorney General’s office has released another guide for website owners and developers (yes, mobile app owners as well). This time the guide covers the Do Not Track requirement and how to make sure you comply with it.

You can read and download the Do Not Track guide “Making your Privacy Practices Public” here.

The key takeaways of the guide can be summarized like this:

  • Prominently label the section of your policy regarding online tracking, for example: “California Do Not Track Disclosures.”
  • Describe how you respond to a browser’s Do Not Track signal or similar mechanisms within your privacy policy instead of providing a link to another website.
  • If third parties are or may be collecting personally identifiable information, say so in your privacy policy.
  • Explain your uses of personally identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of the website or app.
  • Describe what personally identifiable information you collect from users, how you use it and how long you retain it.
  • Describe the choices a consumer has regarding the collection, use and sharing of his or her personal information.
  • Use plain, straightforward language that avoids legal jargon and use a format that makes the policy readable, such as a layered format. Use graphics or icons instead of text.

As you can see, only the first two takeaways are about Do Not Track itself. That’s because the underlying goal is quite simple: tell your visitors what Do Not Track does on your site, or what it doesn’t.

I’m pasting in the larger recommendations regarding Do Not Track in their entirety for you below:

Make it easy to find the Do Not Track section of your policy.

Clearly identify the section in which you describe your specific policy regarding online tracking or how you respond to consumers’ DNT signals. Use a header, for example “How We Respond to Do Not Track Signals,” “Online Tracking” or “California Do Not Track Disclosures.”

Describe how you respond to a browser’s DNT signal or to another such mechanism.

Describing your response in your privacy policy statement is preferable to simply providing a link to a related “program or protocol” (hereinafter referred to as a “program”) because it provides greater transparency to consumers.


If you decide not to describe your response to a DNT signal or to another mechanism, provide a clear and conspicuous link in your privacy policy statement to a program that offers consumers a choice about online tracking.

Our policies include a statement that by default assumes that you do not honor or react to Do Not Track requests.
