'Do Not Sell My Info': U.S. retailers rush to comply
with California's new privacy law
Send a link to a friend
[December 30, 2019] By
Nandita Bose
WASHINGTON (Reuters) - U.S. retailers
including Walmart Inc will add "Do Not Sell My Info" links to their
websites and signage in stores starting Jan. 1, allowing California
shoppers to understand for the first time what personal and other data
the retailers collect, sources said.
Others like Home Depot will allow shoppers not just in California but
around the country to access such information online. At its California
stores, Home Depot will add signage, offer QR codes so shoppers can look
up information using their mobile devices and train store employees to
answer questions.
Large U.S retailers are rushing to comply with a new law, the California
Consumer Privacy Act (CCPA), which becomes effective at the start of
2020 and is one of the most significant regulations overseeing the data
collection practices of U.S. companies. It lets shoppers to opt out of
allowing retailers and other companies to sell personal data to third
parties.
In addition to retailers, the law affects a broad swath of firms
including social media platforms such as Facebook and Alphabet's Google,
advertisers, app developers, mobile service providers and streaming TV
services, and is likely to overhaul the way companies benefit from the
use of personal information. The law follows Europe's controversial
General Data Protection Regulation, which set a new standard for how
companies collect, store and use personal data. The European law gave
companies years to comply while CCPA has given them a few months.
Draft regulations around the law were only released in October.
Retailers did not anticipate having to add signs in their stores, which
are required by the regulations but were not part of the original
statute, and it is not an effective use of dollars, said Nicholas
Ahrens, a vice president at the Retail Industry Leaders Association, who
leads their tech policy.
A Walmart source with knowledge of the matter told Reuters the company
is "working through a lot of ambiguities in the law, for example, the
language around loyalty programs and if retail companies can offer them
going forward."
There is also lack of clarity on what constitutes "sale" of information,
retail lobbyists and attorneys advising retailers said.
Walmart spokesman Dan Toporek said the retailer supports efforts that
gives customers control of their information.
Home Depot spokeswoman Sara Gorman said the California law introduces
new requirements but does not change the company's "deliberate approach
to customer data and privacy."
Target spokeswoman Jessica Carlson said a "Do Not Sell" button on its
website, will be visible to all U.S. shoppers and California residents
will have access to information outlined under the new law. Target
already allows its shoppers to opt out of sharing their information with
third parties for marketing purposes, she said.
[to top of second column] |
An empty shopping cart stands outside a target store during a Black
Friday sales event in Westbury, New York, U.S., November 23, 2018.
REUTERS/Shannon Stapleton/File Photo
Amazon.com Inc is taking a different approach. We do not plan to put a "Do not
sell" button on our website because Amazon is not in the business of selling
customers' personal data and it never has been," a company spokeswoman said in a
statement.
Amazon will launch a revised privacy notice and will review the final
regulations to "understand what signage may be required to inform customers how
to find the privacy notice" at its stores, the spokeswoman added.
DELETE MY DATA
Some national chains such as Sherwin-Williams, which sells paints and coatings,
have already begun adding links on their websites in California, Reuters has
found. The company did not respond to requests for comment.
Both Walmart and Amazon have ramped up investments in drawing out "data maps" in
the past few months, which lets them collate the extent of personal information
collected by different business units, where and how this information is stored,
what they do with it and who it is shared with, sources said.
A Walmart source said the company's different business teams including
technology, marketing, advertising, payments and security are investing
resources in auditing and making decisions on how to respond to requests from
customers to see their data or those who ask for it to be deleted.
An economic impact assessment prepared for the California Attorney General's
office by an independent research firm found compliance with the regulations
will cost businesses between $467 million and $16.5 billion between 2020 and
2030. Industry estimates peg initial compliance costs at over $50 billion.
The California Attorney General recently told Reuters in an interview that
privacy law enforcement will look kindly on those that demonstrate an effort to
comply.
But sources told Reuters they expect plaintiff attorneys to bring lawsuits in
the new year against a range of businesses that may fail to meet the law's
requirements.
Many companies affected by the law have lobbied extensively for a federal
privacy bill that might override the law in California. But their efforts have
so far made little progress.
(Reporting by Nandita Bose in Washington; Editing by Vanessa O'Connell andn
Steve Orlofsky)
[© 2019 Thomson Reuters. All rights
reserved.] Copyright 2019 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |