Websites that collect personal information from Californians now have guidelines on helping users better understand how their information is used.

The guidelines, announced Wednesday by California Attorney General Kamala Harris, are voluntary and are intended to add clarity to the 2003 landmark California Online Privacy Protection Act, which Harris called the country's first law requiring commercial websites and mobile apps to conspicuously post a privacy policy if they collect personally identifiable information from Californians.

Last year, California also began requiring privacy policies to include information on how the operator responds to users who do not want their information shared via so-called "Do Not Track" signals, which are intended to stop their private information from being shared.

"This guide is a tool for businesses to create clear and transparent privacy policies that reflect the state's privacy laws and allow consumers to make informed decisions," Harris said in a statement.

The new guidelines urge companies to be more candid, in plain language, and encourage websites to notify users about what personal information they collect, how it's used, how long it will be held and whether third parties get access to it.

Aleecia McDonald, director of privacy at Stanford Law School's Center for Internet and Society, issued a statement calling Harris' recommendations "clear, readable, useful, and mercifully short. Companies will understand how to comply with the letter and spirit of California transparency laws."


Advertisement

But Santa Clara University law professor Eric Goldman, who is also director of the university's High Tech Law Institute, told this newspaper that Wednesday's announcement is merely the latest attempt to "build on a platform where there's no evidence that the platform was a smart one to begin with."

Goldman said California's landmark law has had no clear effect on protecting Web users' privacy.

"In 2003, California blazed a trail, as it loves to do, as the vanguard of protecting consumer privacy," Goldman said. "But the law doesn't guarantee any privacy. And merely telling consumers whether they're being tracked is a mismatch between what consumers expect and what the law actually does."

Contact Dan Nakaso at 408-271-3648. Follow him at Twitter.com/dannakaso.