The use of tracking software by websites is widespread. Advertising companies and social networks use technology such as cookies to track the websites consumers visit and the route they take from one website to another. For instance, tracking technology can tell the difference between whether you got to a website through a Google search or by clicking on a hyperlink in a news article. Companies can then use this information to build a profile on individuals in order to target advertising on different websites that they visit. Advertising companies are then able to discriminate to different consumers based on the profiles the companies build. Additionally, advertising companies are able to make money by selling these valuable profiles to websites.
The use of this type of tracking software is, as probably expected, controversial. Privacy advocates believe this tracking to be an invasion into web users’ privacy and that the companies doing this tracking fail to adequately disclose the full extent to which this tracking is taking place. These advocates are also concerned with the extent of information tracked, which can include highly sensitive and personal data about health issues, location, and finances. On the other hand, advertisers and companies using the data love the technology because it allows companies to target consumers more accurately and allows advertisers to charge more for better data. This data can be particularly valuable for startups looking to increase the number of users and grow their web presence.
As a result of these concerns, privacy advocates have taken some steps to try and remedy these concerns. Software developers have designed software to try and prevent websites from tracking user activity across the web. The technology works by placing a signal on the users computer that tells websites the user does not want to be tracked. This signal is currently ineffective because there is no requirement that advertisers follow the signal. The World Wide Web Consortium (W3C), an organization that sets standards for the web, created a working group composed of privacy activists, advertisers and others, to try and develop a standard approach to “Do Not Track” signals. In September 2013, however, the effort ended in failure when the constituent parties could not agree on an approach and decided to disband.
The new law has come under fire from both sides of the online privacy debate. Some, such as Eric Goldman, a Professor at Santa Clara University School of Law, argue that the law hurts websites and consumers by imposing additional compliance costs on websites, not providing true disclosure because consumers rarely read privacy policies, and failing to cover all tracking technologies. Others, such as Chris Cronin, an information security professional, argue that the law falls short because it is weak and does not require websites to protect user privacy or comply with “Do Not Track” signals. Regardless, given California’s de facto ability to set national privacy standards and the fact that compliance with the new law is simple, it behooves startups to comply with the new recommendations by amending their privacy policies.