California’s new privacy laws may trigger a wave
On Jan. 1, California became the first state to pass a comprehensive law giving consumers more control of their digital data.
- Requires businesses to give consumers all the information they collect about them and what they do with it, free of charge.
- Requires businesses to delete collected information on an individual, if asked. Requests can be denied in some cases, such as if the data is necessary to complete a transaction.
- Requires businesses selling personal information to create a “Do Not Sell My Personal Information” button on their homepage to provide a simple way to opt out.
- Prevents businesses from retaliating against those opting out by increasing prices or reducing service offerings. “Financial incentives” can be offered to those allowing data collection.
- Allows individuals to sue companies that allow their personal information to be accessed or stolen through a data breach.
- Forbids businesses from selling the personal information of children under age 16 unless the parent (of children under age 13) or the child (age 13 to 16) opt in.
Purchase histories, location tracking and demographic data, including religion, ethnicity and sexual orientation, are important needs for marketers doing targeted ads.
Updating privacy policies, upgrading cyber insurance policies and setting up systems to handle data requests are expected to be a burden for smaller businesses. One particular challenge is that the law broadly defines data sales to cover almost any information sharing that benefits companies.
Some companies, including Microsoft and Mozilla, are extending the guidelines to all U.S. customers, although some experts warn extending protections to other states may create unnecessary liabilities. Other states are working on similar laws and tech giants are calling for a federal law.
A big unknown is whether consumers will take the initiative to request, opt out or file for damages if their data is compromised. Europe’s tougher GDPR privacy law, which became effective in May 2018, has seen relatively few consumers take action. Chris May, who focuses on corporate risk for Deloitte, told Fortune, “Is this a big deal for thousands or hundreds of thousands or millions of people? We don’t know yet.”
- The California Consumer Privacy Act officially takes effect today – TechCrunch
- California’s privacy law arrives to confusion and costs for businesses – Financial Times
- The California Consumer Privacy Act officially takes effect today – The Verge
- New California Law Giving Consumers Control Over Their Data Sets Off a Scramble – Fortune
- Historic California data privacy measure leaves companies scrambling – The Hill
- Calif. vastly expands digital privacy. Will people use it? – The Associated Press/San Francisco Chronicle
DISCUSSION QUESTIONS: Are California’s privacy laws good or bad for retailers? How will they affect marketers’ ability to offer personalization? Do you expect many consumers to take advantage of such laws, and will the trend spread across the U.S.?