If you suddenly start seeing ‘Do not sell my info’ links on websites, don’t be surprised: it’s all part of a rush to comply with a new Californian privacy law due to take effect on January 1st…
We noted last week that the California Consumer Privacy Act (CCPA) is about to become law, with other states looking to use this as a blueprint for their own privacy laws. Today Reuters reports on one step companies are taking to comply.
U.S. retailers including Walmart Inc will add “Do Not Sell My Info” links to their websites and signage in stores starting Jan. 1, allowing California shoppers to understand for the first time what personal and other data the retailers collect, sources said.
Others like Home Depot will allow shoppers not just in California but around the country to access such information online. At its California stores, Home Depot will add signage, offer QR codes so shoppers can look up information using their mobile devices and train store employees to answer questions […]
Target spokeswoman Jessica Carlson said a “Do Not Sell” button on its website, will be visible to all U.S. shoppers and California residents will have access to information outlined under the new law. Target already allows its shoppers to opt out of sharing their information with third parties for marketing purposes, she said.
Amazon.com Inc is taking a different approach. We do not plan to put a “Do not sell” button on our website because Amazon is not in the business of selling customers’ personal data and it never has been,” a company spokeswoman said in a statement.
Some companies say they are struggling to interpret ambiguities in the law, with some wondering whether it will even be legal to continue to offer rewards programs.
A Walmart source with knowledge of the matter told Reuters the company is “working through a lot of ambiguities in the law, for example, the language around loyalty programs and if retail companies can offer them going forward.”
It seems unlikely these would be outlawed, as CCPA, like Europe’s GDPR laws, is geared to offering customers choice about how their data is used.
Tech giants and other large companies have been lobbying for a federal privacy law to override state ones, as it would be far cheaper to comply with a single, nationwide law than up to 50 different ones. Little progress has yet been made on this, however.
I’ve long argued that the sensible approach would be to simply mirror GDPR requirements so that companies would have a single (high) standard to meet worldwide.
FTC: We use income earning auto affiliate links. More.