NY AG Launches Website Privacy Guides

Want to receive these privacy recaps that matter to consent management, adtech and martech in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

NY AG Launches Website Privacy Guides

The New York Attorney General’s Office announced its release of two privacy guides: a Business Guide to Website Privacy Controls and a Consumer Guide to Tracking on the Web. The business guide outlines steps companies can take (and mistakes companies can avoid) to ensure their privacy controls and disclosures comply with New York state law, including ensuring disclosures are accurate and that the language and user interface of privacy controls are not misleading (e.g., requiring a “save settings” button that is easy to overlook as a second step after a user makes a selection). The consumer guide explains how tracking technologies work, how consumers can use privacy controls (like cookie pop ups) to protect their privacy, and what else consumers can do to limit online tracking.

TAKEAWAY

Although New York has not enacted a comprehensive privacy law requiring specific privacy controls like those imposed under California’s CCPA or similar laws in other states, New York does have consumer protection laws that generally prohibit deceptive acts and practices, and the AG’s press release makes clear that business’ privacy-related practices and statements are subject to such laws. Therefore, if controls put in place under the comprehensive privacy laws of another state (e.g., CCPA) don’t function as promised, or if disclosures in a company’s privacy policy are inaccurate or misleading, a company can be in violation of New York state law. A recent investigation from the New York AG’s office analyzing third-party tags and privacy controls on a variety of websites found that “companies often make similar mistakes when deploying tags and other tracking technologies,” including miscategorized tags and cookies, misconfigured tools, hardcoded tags that the company’s CMP was unable to detect, reliance on third-party tag privacy settings that are restricted to states with comprehensive privacy laws, an incomplete understanding and disclosure of tag data collection and use, and failure to apply user choices across tracking technologies (beyond just cookies).

Keeping all the various U.S. privacy laws is crucial to your business. Check out Sourcepoint’s continually updated U.S. States’ privacy laws comparison chart for the latest changes from different states; California, Oregon, Nevada and more.

U.S. Senate Passes Kids Online Safety and Privacy Act

S.2078, implementing amended versions of what were previously referred to as the Kids Online Safety Act (KOSA) and COPPA 2.0 and now referred to collectively as the Kids Online Safety and Privacy Act, passed the Senate 91-3 and will be sent to the House. The Kids Online Safety portion of the bill would require certain privacy protections for children by social media platforms, and the COPPA 2.0 portion of the bill would amend the Children’s Online Privacy Protection Act (COPPA) to, among other changes, implement privacy protections for children under 17 (the current version of COPPA only applies to children under 13) and ban targeted advertising to kids and teens.

TAKEAWAY

The House is currently on a 6-week recess, so we likely will not see any further action on this bill until September at the earliest.

Privacy law is evolving and sensitive information can be derived from seemingly innocuous data. Download the new guide from Sourcepoint on sensitive data, Navigating the Maze: Sensitive Data & U.S. Privacy Laws.

Want more of the privacy highlights that matter for consent management, adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.