Data news

New York AG Publishes Guidance on Website Privacy Controls

Written by Alex Margau | Aug 9, 2024 7:48:24 AM

On July 30, 2024, New York Attorney General Letitia James launched two new privacy guides aimed at helping both consumers and businesses in New York, Website Privacy Controls - A Guide for Business and A consumer guide to web tracking

The guides, available on the Office of the Attorney General's website, offer insights into website privacy practices. 

The Business Guide focuses on common tracking errors and legal compliance, while the Consumer Guide explains how individuals can protect themselves from unwanted online tracking. 

These resources were created following an investigation that uncovered significant issues with the privacy practices of several popular websites.

In the official press release, Attorney General James made the following statement: 

When New Yorkers visit websites, they deserve to have the peace of mind that they won’t be tracked without their knowledge, and won’t have their personal information sold to advertisers. [...] All too often, visiting a webpage or making a simple search will result in countless ads popping up on unrelated websites and social media. When visitors opt out of tracking, businesses have an obligation to protect their visitors’ personal information, and consumers deserve to know this obligation is being fulfilled. These new guides that my team launched will help protect New Yorkers’ privacy and make websites safer places to visit.

Website Privacy Controls - A Guide for Business

In the Introduction, the Guide explains that while Websites use cookies and other tracking technologies to enhance user experience, these can also compromise privacy. A New York State Attorney General investigation found that many popular websites have flawed or misleading privacy controls, leading to continued tracking despite user opt-outs. For this reason, the guide was created to help businesses avoid these pitfalls and comply with New York law.

Key points in the Guide include: 

  • Common Mistakes: Many websites fail to properly categorize or configure tags and cookies, which can result in tracking mechanisms remaining active even when users opt out. For instance, if a tag is not correctly categorized, it may bypass user-selected privacy settings.
  • Technical Challenges: Integrating multiple tools, such as consent-management and tag-management systems, can introduce complexities that, if not properly addressed, can cause privacy controls to not function as intended.
  • Hardcoded Tags: Some tags are embedded directly into websites in ways that circumvent privacy tools, meaning they remain active regardless of user preferences, leading to ongoing tracking even after opt-out selections are made.
  • Inadequate Privacy Settings: Some businesses depend on privacy features from vendors like Meta and Google. However, these features may only partially limit data collection, particularly in states like New York that do not have comprehensive privacy laws.
  • Limited Understanding: Businesses often deploy tracking technologies without fully understanding the data they collect or how it is used and shared, potentially leading to non-compliance and undermining consumer trust.
  • Alternative Tracking Methods: Beyond cookies, businesses may use other tracking methods, such as device fingerprinting, which can continue to monitor user behavior even when cookies are disabled.

The Guide recommends that businesses conduct regular testing, review, and properly configure the tracking technologies they use in order to avoid misleading their consumers so that privacy controls function as intended and user choices are respected.

 

A consumer guide to web tracking

The "Consumer Guide to Web Tracking" was published to help consumers understand how their online activities are monitored and what they can do to protect their privacy. The guide explains that most websites use tracking technologies like cookies to collect data about users’ browsing habits, which can then be used by companies to deliver targeted advertisements.

Key points from the guide include:

  • How Web Tracking Works: The guide details how cookies, small text files stored on your device, are used to track your online activities. These cookies can identify you across different websites and are often used by advertising companies to build a profile of your interests.
  • Cookie Pop-Ups and Privacy Controls: Many websites use cookie pop-ups to inform users about tracking and provide options to manage it. The guide outlines the different types of cookie pop-ups:
    • Informational: Simply provides information without giving any control over tracking.
    • Opt-Out: Allows users to disable certain types of tracking, like marketing cookies.
    • Opt-In: Requires users to give consent before tracking begins.
  • Limitations of Privacy Controls: The guide warns that even when users opt out of tracking, existing cookies on their devices might continue to collect data. Additionally, not all tracking technologies are covered by cookie settings—some websites may use more advanced methods like device fingerprinting.
  • Tips to Protect Privacy: Consumers are encouraged to use browser settings to block third-party cookies, install ad blockers, and be cautious about the information they share online. The guide also advises regularly clearing cookies and reviewing privacy settings on websites and apps.
  • Challenges with Online Privacy: The guide acknowledges that fully stopping online tracking is difficult due to the pervasive nature of tracking technologies. It emphasizes the importance of staying informed and taking proactive steps to protect personal information.