Can I collect browser information from participants in California? What are the requirements?

Based on the provided context documents, you can collect browser information from participants in California, but you must comply with the requirements of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA).

Requirements for Collecting Browser Information

Under the CCPA, if you collect personally identifiable information (PII) through a website or online service about individual consumers residing in California, you must conspicuously post your privacy policy on your website ^[1.1]. Your privacy policy must identify the categories of PII that you collect through the website or online service about individual consumers who use or visit your commercial website or online service and the categories of third-party persons or entities with whom you may share that PII ^[1.1]. Additionally, you must disclose how you respond to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of PII about an individual consumer’s online activities over time and across third-party websites or online services, if you engage in that collection ^[1.1].

Under CalOPPA, you must provide a clear and conspicuous notice at collection of personal information that informs consumers about the categories of personal information to be collected from them, the purposes for which the personal information is collected or used, and whether that information is sold or shared ^[2.2]. The notice must be made readily available where consumers will encounter it at or before the point of collection of any personal information ^[2.2]. If you collect personal information from a consumer online, the notice at collection may be given to the consumer by providing a link that takes the consumer directly to the specific section of your privacy policy that contains the information required ^[2.2].

Other Relevant Requirements

If you collect personally identifiable information through a website or online service from individual consumers who use or visit the commercial website or online service and who reside in California, you must comply with the provisions of Section 22575 or with the provisions of its posted privacy policy ^[1.2]. Additionally, if you collect personal information of 10,000,000 or more consumers in a calendar year, you must compile and disclose certain metrics within your privacy policy or posted on your website by July 1 of every calendar year ^[2.1].

Conclusion

In summary, you can collect browser information from participants in California, but you must comply with the requirements of the CCPA and CalOPPA. You must conspicuously post your privacy policy on your website, identify the categories of PII that you collect, disclose how you respond to web browser “do not track” signals, and provide a clear and conspicuous notice at collection of personal information. Additionally, you must comply with the provisions of Section 22575 or with the provisions of its posted privacy policy if you collect personally identifiable information through a website or online service from individual consumers who use or visit the commercial website or online service and who reside in California. If you collect personal information of 10,000,000 or more consumers in a calendar year, you must compile and disclose certain metrics within your privacy policy or posted on your website by July 1 of every calendar year.

Source(s):

• [1.1] Section 22575 - Internet Privacy Requirements
• [1.2] Section 22576 - Internet Privacy Requirements
• [2.1] Requirements for Businesses Collecting Large Amounts of Personal Information.
• [2.2] Notice at Collection of Personal Information.

Jurisdiction

California

• Privacy