The Issues Identified in Making Your Privacy Practices Public
In short, while transparency is a noble goal, it is not clear that increasing transparency will dramatically impact consumer trust.
The guidance also notes that there is research showing that people do not read privacy policies, or at least understand them when they do read them. Research by the Lares Institute also provides additional guidance on this point, which shows that people with higher education levels and income are less likely to read privacy policies. Examining research regarding who reads privacy policies provided by Internet Service Providers, including examination of their demographics, provides a good example of this issue..
While the guidance presents interesting issues for discussions, and some best practices that companies could adopt, not all of the suggestions will be relevant, or helpful, for all companies. In many cases these suggestions go well beyond the statutory requirements of CalOPPA, and in some cases might be difficult for companies to implement. For example, the suggestion that websites provide links to third-parties with whom they share information suggests a practice that is not statutorily required, and that might increase a company’s risk exposure (for a potentially deceptive statement either under Section 5 of the FTC Act, or § 17200 of California’s Business and Professions Code) in a way that it will find difficult to monitor, particularly if the third-party policies change over time.
Finally, one question that always must be asked when a regulator issues guidance is whether this could be the basis of enforcement down the road. While there is no indication that the Attorney General intends to use this as an enforcement tool either under CalOPPA, or Business & Professions Code § 17200, this possibility cannot be eliminated. In any case, this guidance does present the Attorney General’s views and it should be considered, where appropriate, if companies are trying to implement best practices regarding online disclosures.
For further information about this Guidance, please click here.