Personal data includes names, email addresses, credit card information, user behavior analytics, and any other information that can be used to identify a person.
- Be prominently displayed
- Use plain and clear language
- Specify which types of personal information you collect (e.g., names, addresses, device data, etc.)
- State whether do not track (DNT) requests will be honored
- Comprehensively explain how you collect, handle, share, and sell consumer data
- Be made available to consumers “at or before” the point of data collection
- Include instructions on how consumers can act on their California privacy rights, including the right to opt out of the sale of their data
California Shine the Light Law
The California Shine the Light law has been in effect since 2003, and seeks to regulate list brokerage (the sale or sharing of consumers’ personal information for marketing benefits) in California.
- Be linked to on your website’s homepage with the anchor text “Your California Privacy Rights”
- Describe Californians’ privacy rights under Shine the Light
- Provide valid contact information
Under the Shine the Light law, consumers also have the right to request receipt of what types of their information are shared for marketing purposes. The law lists 27 applicable types of personal information.
The Eraser Law (or Content Eraser Law) applies to online services that target California minors. It gives minors the right to request that information they’ve uploaded be removed from a site or service.
- Include a section that explains California minors’ rights and how they can act upon them
- Make the above information clearly visible and easy to find
1. Detail Your Data Collection
Privacy laws in California require clear and comprehensive explanations of your data collection, handling, sharing, and selling.
2. Include Your Contact Information
3. Explain Californians’ Rights
Your California privacy notice needs a section explaining what rights Californians have over their data. User rights will vary depending on the laws you’re subject to comply with — so make sure you understand which of the above laws apply to your website.
This section needs to include any related links. For example, it needs to include a “Do Not Sell My Personal Information” link to comply with the CCPA. This link should direct users to a page or form through which they can opt out of having their personal information sold.
If your online service targets California minors, you should separate this into two sections:
- California Privacy Rights
- California Minors’ Privacy Rights
These sections should be easy to find and give users clear instructions on acting upon their California rights.
- Main menu
- Website footer
- Sign-up page
- Newsletter or email form
- Checkout page
- Other points of data collection
Instagram’s California Privacy Notice
Like Disney, Instragam’s notice has a navigable menu and expandable sections specifically for California consumers.
Note how clearly this privacy notice outlines rights afforded to Californians:
Californians’ privacy rights are concisely stated, and a link is provided for consumers to click if they wish to act upon their rights.
Along with listing categories of information and if they collect them, WebMD’s policy gives examples of personal information that may be classified under each category.
Like WebMD, you should be as descriptive as possible about the data you collect.