'Do Not Sell My Info': U.S. retailers rush to comply with California's
new privacy law
Send a link to a friend
 [December 30, 2019]
By Nandita Bose
WASHINGTON (Reuters) - U.S. retailers
including Walmart Inc will add "Do Not Sell My Info" links to their
websites and signage in stores starting Jan. 1, allowing California
shoppers to understand for the first time what personal and other data
the retailers collect, sources said.
Others like Home Depot will allow shoppers not just in California but
around the country to access such information online. At its California
stores, Home Depot will add signage, offer QR codes so shoppers can look
up information using their mobile devices and train store employees to
answer questions.
Large U.S retailers are rushing to comply with a new law, the California
Consumer Privacy Act (CCPA), which becomes effective at the start of
2020 and is one of the most significant regulations overseeing the data
collection practices of U.S. companies. It lets shoppers to opt out of
allowing retailers and other companies to sell personal data to third
parties.
In addition to retailers, the law affects a broad swath of firms
including social media platforms such as Facebook and Alphabet's Google,
advertisers, app developers, mobile service providers and streaming TV
services, and is likely to overhaul the way companies benefit from the
use of personal information. The law follows Europe's controversial
General Data Protection Regulation, which set a new standard for how
companies collect, store and use personal data. The European law gave
companies years to comply while CCPA has given them a few months.
Draft regulations around the law were only released in October.
Retailers did not anticipate having to add signs in their stores, which
are required by the regulations but were not part of the original
statute, and it is not an effective use of dollars, said Nicholas
Ahrens, a vice president at the Retail Industry Leaders Association, who
leads their tech policy.
A Walmart source with knowledge of the matter told Reuters the company
is "working through a lot of ambiguities in the law, for example, the
language around loyalty programs and if retail companies can offer them
going forward."
There is also lack of clarity on what constitutes "sale" of information,
retail lobbyists and attorneys advising retailers said.
Walmart spokesman Dan Toporek said the retailer supports efforts that
gives customers control of their information.
Home Depot spokeswoman Sara Gorman said the California law introduces
new requirements but does not change the company's "deliberate approach
to customer data and privacy."
Target spokeswoman Jessica Carlson said a "Do Not Sell" button on its
website, will be visible to all U.S. shoppers and California residents
will have access to information outlined under the new law. Target
already allows its shoppers to opt out of sharing their information with
third parties for marketing purposes, she said.
[to top of second column]
|
An empty shopping cart stands outside a target store during a Black
Friday sales event in Westbury, New York, U.S., November 23, 2018.
REUTERS/Shannon Stapleton/File Photo
Amazon.com Inc is taking a different approach. We do not plan to put
a "Do not sell" button on our website because Amazon is not in the
business of selling customers' personal data and it never has been,"
a company spokeswoman said in a statement.
Amazon will launch a revised privacy notice and will review the
final regulations to "understand what signage may be required to
inform customers how to find the privacy notice" at its stores, the
spokeswoman added.
DELETE MY DATA
Some national chains such as Sherwin-Williams, which sells paints
and coatings, have already begun adding links on their websites in
California, Reuters has found. The company did not respond to
requests for comment.
Both Walmart and Amazon have ramped up investments in drawing out
"data maps" in the past few months, which lets them collate the
extent of personal information collected by different business
units, where and how this information is stored, what they do with
it and who it is shared with, sources said.
A Walmart source said the company's different business teams
including technology, marketing, advertising, payments and security
are investing resources in auditing and making decisions on how to
respond to requests from customers to see their data or those who
ask for it to be deleted.
An economic impact assessment prepared for the California Attorney
General's office by an independent research firm found compliance
with the regulations will cost businesses between $467 million and
$16.5 billion between 2020 and 2030. Industry estimates peg initial
compliance costs at over $50 billion.
The California Attorney General recently told Reuters in an
interview that privacy law enforcement will look kindly on those
that demonstrate an effort to comply.
But sources told Reuters they expect plaintiff attorneys to bring
lawsuits in the new year against a range of businesses that may fail
to meet the law's requirements.
Many companies affected by the law have lobbied extensively for a
federal privacy bill that might override the law in California. But
their efforts have so far made little progress.
(Reporting by Nandita Bose in Washington; Editing by Vanessa
O'Connell andn Steve Orlofsky)
[© 2019 Thomson Reuters. All rights
reserved.]
Copyright 2019 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
