Corporate Eye

What Brand Marketers Need to Know about California’s New Do Not Track Law

san francisco golden gate bridge californiaEarlier this year, a new do-not-track law went into effect in California (AB370) that requires some website owners (including brand websites) to disclose how they handle web and mobile do not track requests and to clearly explain how third parties are allowed to collect tracking and behavioral data “over time” and “across different web sites”.

The focus on do-not-track laws and guidelines has been increasing for years, and the new California law is just one more step to protect personally identifiable information that websites collect and share on a daily basis. While it doesn’t technically force companies from adhering to a person’s do-no-track requests, it does require websites to openly communicate how they respond to do-no-track requests and how they ensure data is only collected by approved third parties.

The challenge for brand marketers is effectively monitoring compliance across the intricate web (no pun intended) of companies collecting data. For example, brand marketers will need to ensure that the online advertising companies they work with are adhering to the new California law. Procedures will need to be put in place to monitor companies that collect names, addresses, phone numbers, email addresses, social security numbers, and other personally identifiable information that could be used to contact people directly. This is in addition to securing personally identifiable information to ensure it is protected from theft.

According to the new law, which is actually an amendment of the California Online Privacy Protection Act, brands with an online service (i.e., a website) must disclose:

  • The type of personally identifiable information collected
  • The types of third-parties that the website owner might share that personally identifiable information with
  • The process that the website owner follows for a person to review and request changes to the collected information
  • The process that the website owner follows to notify individuals of material changes to its privacy policy
  • The effective date of the privacy statement
  • The process used by the website owner to respond to a browser’s do-not-track signal about the collection of information about online activities over time and across third party online services
  • Whether third parties collect information about online activities over time and across different online services

How is your company handling do-not-track laws and guidelines for your brand? Leave a comment below and share your thoughts.

Image: Martyn E. Jones

The following two tabs change content below.
Susan Gunelius is the author of 10 marketing, social media, branding, copywriting, and technology books, and she is President & CEO of KeySplash Creative, Inc., a marketing communications company. She also owns Women on Business, an award-wining blog for business women. She is a featured columnist for and, and her marketing-related articles have appeared on websites such as,,, and more. She has over 20 years of experience in the marketing field having spent the first decade of her career directing marketing programs for some of the largest companies in the world, including divisions of AT&T and HSBC. Today, her clients include large and small companies around the world and household brands like Citigroup, Cox Communications, Intuit, and more. Susan is frequently interviewed about marketing and branding by television, radio, print, and online media organizations, and she speaks about these topics at events around the world. You can connect with her on Twitter, Facebook, LinkedIn, or Google+.