The OPPA, codified at Business and Professions Code § 22575-22579, became effective on July 1, 2004. It applies to commercial websites that collect “personally identifiable information,” which includes users’ names, physical addresses, email addresses, telephone numbers, social security numbers, or any other relevant information that can be used to identify users. OPPA requires such websites to “conspicuously post” their privacy policies.
Under Section 22577(b) “conspicuously post,” requires the site to provide a link to the policy “on the homepage or the first significant page after entering the Web site.” The link must contain the word “privacy” and must be displayed in a manner that would be obvious to the “reasonable person.”
In 2004, law firm Cooley Godward Kronish said the bill required the policy to appear either on the homepage itself, or on a page linked to directly from the home page. That same year, the California Office of Privacy Protection (“COPP”) issued a best practices guide, recommending that companies “use a conspicuous link on your home page containing the word ‘privacy,’” in “larger type than the surrounding text, contrasting color, or symbols that call attention to it.”that describes how Google helps them “stay safe and secure online,” ensuring users that Google “work continuously to ensure strong security, protect your privacy, and make Google even more useful and efficient for you.”
On June 3, 2008, a coalition of privacy groups, including the ACLU, the Center for Digital Democracy, and the Electronic Frontier Foundation, sent a letter to Google CEO Eric Schmidt urging the company to comply with the OPPA. On June 10, 2008, Assembly member Joel Anderson sent a letter to Schmidt expressing the same sentiment. Within days, Google added a hyperlink labeled, “Privacy,” linking users directly to the policy.
In 2012, the Department of Justice took over the work of the California Office for Privacy Protection, creating a new Office of Privacy Protection within the State Attorney General’s office. The new lineup includes Joanne McNabb, former chief of the COPP, as the Director of Privacy Education and Policy. The new division resides within the State’s eCrime unit.
According to Special Assistant Attorney General Travis LeBlanc, head of the new division, it will take proactive step in monitoring and regulating compliance with OPPA. The California Constitution guarantees the Right of Privacy in Article 1, Section 1, which says:
“All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.”
It remains to be seen what actions privacy groups and the state Attorney General will take.