The Delaware Online Privacy and Protection Act takes a broad approach to the collection and disclosure of personally identifiable information.
Delaware Governor Jack Markell recently signed the Delaware Online Privacy and Protection Act (DOPPA), Delaware’s first online privacy law, which will take effect on January 1, 2016. DOPPA places restrictions on online marketing and advertising to Delaware children and restricts the online collection and disclosure of personal information from Delaware residents.
Under the new law, websites and apps “directed at children” cannot advertise or market certain prohibited items, including alcohol, tobacco products, firearms, fireworks, tanning equipment, dietary supplements, lotteries, body piercings, tattoos, drug paraphernalia, and pornography. In addition, websites or apps not expressly “directed at children” may not advertise the prohibited items to children where that advertising is based on a child’s profile, activity, address, or location sufficient to establish contact with the child.
For websites or apps that use advertising services, DOPPA requires only that websites notify the advertising service that the property is directed at children. In that case, the advertising service will be responsible for compliance.
In addition, DOPPA limits websites’ and apps’ use of personal information from children, forbidding online properties directed at children from using children’s personal information to advertise and from disclosing it to others for purposes of advertising.
DOPPA defines the term “directed at children” much like it is defined in connection with the federal Children’s Online Privacy Protection Act (COPPA), including Internet services “targeted or intended to reach an audience that is composed predominantly of children,” as determined by factors such as subject matter, visual or audit content, age of the models, and language or other characteristics, together with empirical evidence regarding audience composition. Unlike COPPA, however, which applies only to children under age 13, DOPPA applies all those under 18.
DOPPA also has certain requirements that apply to any “book service,” which is defined as “an entity [that] as its primary purpose, provides individuals with the ability to rent, purchase, borrow, browse, or view books electronically or via the Internet.” It prohibits book services from disclosing information about users of their services to “any person, private entity, or government entity,” except in limited circumstances. These circumstances require proper legal process and/or court order to both the user and/or the book service provider. DOPPA also requires sufficient notice (i.e., 35 days) to permit a user to timely appear and quash the request or contest the court order.
Morgan Lewis is a leader in advising clients on privacy compliance. If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:
W. Reece Hirsch
Mark L. Krotoski
Colm F. Connolly