US retailers rush to comply with California privacy law
US retailers including Walmart will add “Do Not Sell My Info” links to their websites and signage in stores starting Jan. 1, allowing California shoppers to understand for the first time what personal and other data the retailers collect, sources said.
Others like Home Depot will allow shoppers not just in California but around the country to access such information online. At its California stores, Home Depot will add signs, offer QR codes so shoppers can look up information using their mobile devices and train store employees to answer questions.
Large US retailers are rushing to comply with a new law, the California Consumer Privacy Act (CCPA), which becomes effective at the start of 2020 and is one of the most significant regulations overseeing the data collection practices of US companies. It lets shoppers opt out of allowing retailers and other companies to sell personal data to third parties.
In addition to retailers, the law affects a broad swath of firms including social media platforms such as Facebook and Alphabet’s Google, advertisers, app developers, mobile service providers and streaming TV services, and is likely to overhaul the way companies benefit from the use of personal information.
The law follows Europe’s controversial General Data Protection Regulation, which set a new standard for how companies collect, store and use personal data. The European law gave companies years to comply while CCPA has given them a few months.
Draft regulations around the law were released in October. Retailers did not anticipate having to add signs in their stores, which are required by the regulations but were not part of the original statute. Requiring signs in stores is not an effective use of retailers’ dollars, said Nicholas Ahrens, a vice president at the Retail Industry Leaders Association, who leads its tech policy.
A Walmart source with knowledge of the matter told Reuters the company is “working through a lot of ambiguities in the law, for example, the language around loyalty programmes and if retail companies can offer them going forward.”
There is also lack of clarity on what constitutes “sale” of information, retail lobbyists and attorneys advising retailers said.
Walmart spokesman Dan Toporek said the retailer supports efforts that give customers control of their information.
Home Depot spokeswoman Sara Gorman said the California law introduces new requirements but does not change the company’s “deliberate approach to customer data and privacy.”
Target spokeswoman Jessica Carlson said a “Do Not Sell” button on its website, will be visible to all US shoppers and California residents will have access to information outlined under the new law. Target already allows its shoppers to opt out of sharing their information with third parties for marketing purposes, she said.
Amazon.com Inc is taking a different approach. We do not plan to put a “Do not sell” button on our website because Amazon is not in the business of selling customers’ personal data and it never has been,” a company spokeswoman said in a statement.
Amazon will launch a revised privacy notice and will review the final regulations to “understand what signage may be required to inform customers how to find the privacy notice” at its stores, the spokeswoman added.