A new privacy law requires companies to make specific statements about what information is collected on its website.  Like California, it also requires that companies state in writing whether they respect “Do Not Track” requests.

Delaware has passed the Delaware Online Privacy and Protection Act that requires online operators (e.g. website, online or cloud computing service, or mobile app) to conspicuously post a privacy policy identifying the personally identifiable information (PII) it collects on users and how it responds to “Do not track” signals.

The broad new law impacts not just Delaware-based businesses, but any company that collects PII about a Delaware resident—in other words, virtually any company that transacts business online. The Delaware Online Privacy and Protection Act goes into effect January 1st, 2016.

The law provides companies with a number of ways to post a privacy policy. But the posted policy must be readily available to users and must meet the following requirements:

  • Identify what type of information is being collected
  • List the categories of third parties with whom the information is shared
  • Describe how users can review and change their collected information
  • Detail how the company notifies users of changes to the privacy policy
  • List the effective date of the privacy policy
  • Disclose how the company responds to “Do not track” signals
  • Divulge whether or not third parties can collect PII about a user’s online activities from the company’s website or Internet services

California already has a similar law in place, so clients may not need to change existing privacy policies. However, the new Delaware law does provide a timely opportunity to review such policies to ensure that privacy-related language is up-to-date.  

The Delaware Online Privacy and Protection Act also prohibits companies from marketing certain products (alcohol, tobacco, firearms, fireworks, etc.) to minors via online channels. Finally, the Act prohibits book service providers from disclosing personal information about its users without written consent.

Contact Information

If you have questions about the Delaware Online Privacy and Protection Act, your privacy policy, or other data privacy issues, please contact Ted Claypoole.

Womble Carlyle client alerts are intended to provide general information about significant legal developments and should not be construed as legal advice regarding any specific facts and circumstances, nor should they be construed as advertisements for legal services.

IRS CIRCULAR 230 NOTICE: To ensure compliance with requirements imposed by the IRS, we inform you that any US tax advice contained in this communication (or in any attachment) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed in this communication (or in any attachment).