Kathryn Cahoy, Libbie Canter, Natalie Dugan, and Conor Kane of Covington and Burling write:
The New York Office of Attorney General (OAG) recently published guidance for website privacy controls. Although New York does not have a comprehensive privacy law, business’ privacy-related practices and statements may be subject to New York’s consumer protection laws, which generally prohibit businesses from engaging in deceptive acts and practices. Accordingly, the OAG noted that “statements about when and how website visitors are tracked should be accurate, and privacy controls should work as described.”
Specifically, the OAG stated that representations about privacy controls must be accurate and not misleading, and companies should ensure that privacy controls work properly and as described. The OAG also cautioned against implying that visitors can opt into the use of cookies and similar technologies if that is not the case.
Read more at InsidePrivacy.