National Internet Safety Month: Spotting Privacy Unfriendly Websites

Key Takeaways:

• National Internet Safety Month is observed every June, first designated by the U.S. Senate in 2005 to raise awareness of digital threats and promote cyber education.
• As part of staying safe online, Californians should look for clear, easy‑to‑use opt‑out mechanisms and avoid sites that hide or ignore these options, including those that use dark patterns.
• A trustworthy privacy policy should explain consumers’ rights and how to exercise them.
• Consumers are encouraged to review how websites use, sell, or share data and exercise their rights before providing personal information.
• CalPrivacy offers additional tips and tools, including ways to delete data from brokers and submit complaints about noncompliant businesses.

As Californians spend more time online, staying safe on the internet is more important now than ever. The U.S. Senate recognized this need in June 2005 when it passed a resolution recognizing June as National Internet Safety Month. This National Internet Safety Month, CalPrivacy is sharing tips to identify websites that may not be honoring your online privacy, which can lead to your personal information being used in ways you don’t expect or intend.

No Opt-Out Mechanism? Run!

Under California law, businesses covered under the California Consumer Privacy Act (CCPA) must give customers a way to opt-out of the sale and sharing of their personal information. They must do this by providing consumers with a mechanism to opt-out. This can be through a “Do Not Sell or Share My Personal Information” link found at the bottom of a website or through a notice banner or pop-up message that gives you the ability to turn off tracking technologies (e.g., cookies) that sell or share your personal information.

The opt-out mechanism must be user-friendly and easy to understand. It is illegal for businesses to use  dark patterns — confusing or misleading opt-out processes that make it hard to exercise your choice. Examples of dark patterns in opt-out mechanisms are choices that are poorly labeled, don’t work properly, require an unreasonable number of steps, or are designed to be confusing. If you spot a website using dark patterns, you can submit a complaint to CalPrivacy.

If you visit a website and cannot find a way to opt-out, if the opt-out mechanism is too confusing to use, or if they don’t honor your opt-out preference signal, CalPrivacy recommends avoiding that website. It could be a sign that they are not respecting consumers’ privacy rights and therefore may not be properly protecting your personal information.

What’s in a Privacy Policy?

In our busy lives, most of us don’t have time to read a privacy policy. But knowing what a privacy policy should include can help you to identify potential websites that may not take your online privacy seriously.

Do not assume that a website protects your right to online privacy just because the business is a large, well-known corporation. CalPrivacy has taken enforcement actions against major retailers, such as Todd Snyder and Tractor Supply, and car manufacturers, such as Honda and Ford, for violating Californians’ privacy rights.

When you visit a website, look for the privacy policy, usually found through a link at the bottom of the page, and look for the following two things:

• Does the privacy policy explain that you have rights have over the information that the business collects about you?
• Does it describe how you can exercise those rights?
  • Does it provide a webform for opting out of sale/sharing?
  • Does it describe how it processes opt-out preference signals, like the Global Privacy Control?
  • Does it explain how to access, delete, or correct your personal information?

If the answer to any of these questions is no, the website may not be respecting your privacy rights as a Californian. Proceed with caution, or not at all, and file a complaint with CalPrivacy. 

Remember, you can use CTRL + F to search within the privacy policy for key terms instead of pouring through the privacy policy manually.

Pay Attention to Where Your Data is Going

The privacy policy should tell you how the business uses your information and whether it sells or shares your personal information. Review the privacy policy before giving any personal information to a business and make sure you exercise your rights over how that data is used and shared.

For example, if a website asks you to provide a lot of personal information, you may want to exercise your right to opt-out of the sale and sharing of your information. And if you’re really uncomfortable with what the data they are asking for, you can walk away and choose not to do business with them.

More Privacy Tips to Keep You Safe Online

If you haven’t already, check out CalPrivacy’s tips page, loaded with privacy and cybersecurity tips this National Internet Safety Month. For example, learn how to delete your data from hundreds of data brokers by submitting a DROP request. Protecting your personal information starts with you, and CalPrivacy is here to help make it easier.