22575.1.

 (a) An operator of a mobile application shall provide clear and conspicuous notice that fully informs consumers when, how, and why their geolocation information will be collected, used, and shared upon installation of the application.

(b) An operator of a mobile application shall obtain a user’s affirmative express consent before collecting or using the user’s geolocation information. The operator shall separately obtain the user’s affirmative express consent before disclosing the user’s geolocation information.

22577.

 For the purposes of this chapter, the following definitions apply:

(a) The term “personally identifiable information” means individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form, including any of the following:

(1) A first and last name.

(2) A home or other physical address, including street name and name of a city or town.

(3) An e-mail email address.

(4) A telephone number.

(5) A social security number.

(6) Any other identifier that permits the physical or online contacting of a specific individual.

(7) Information concerning a user that the Internet Web site or online service collects online from the user and maintains in personally identifiable form in combination with an identifier described in this subdivision.

(b) The term “conspicuously post” with respect to a privacy policy shall include posting the privacy policy through any of the following:

(1) A Web page on which the actual privacy policy is posted if the Internet Web page is the homepage or first significant page after entering the Internet Web site.

(2) An icon that hyperlinks to a an Internet Web page on which the actual privacy policy is posted, if the icon is located on the homepage or the first significant page after entering the Internet Web site, and if the icon contains the word “privacy.” The icon shall also use a color that contrasts with the background color of the Internet Web page or is otherwise distinguishable.

(3) A text link that hyperlinks to a an Internet Web page on which the actual privacy policy is posted, if the text link is located on the homepage or first significant page after entering the Internet Web site, and if the text link does one of the following:

(A) Includes the word “privacy.”

(B) Is written in capital letters equal to or greater in size than the surrounding text.

(C) Is written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language.

(4) Any other functional hyperlink that is so displayed that a reasonable person would notice it.

(5) In the case of an online service, any other reasonably accessible means of making the privacy policy available for consumers of the online service.

(c) The term “operator” means any person or entity that owns a an Internet Web site located on the Internet or an online service, including a mobile application, that collects and maintains personally identifiable information from a consumer residing in California who uses or visits the Internet Web site or online service if the Internet Web site or online service is operated for commercial purposes. It does not include any third party that operates, hosts, or manages, but does not own, a an Internet Web site or online service on the owner’s behalf or by processing information on behalf of the owner.

(d) The term “consumer” means any individual who seeks or acquires, by purchase or lease, any goods, services, money, or credit for personal, family, or household purposes.