New CA Privacy Law Requires Retailers To Disclose Data Collection

CA Law Requires Retailers To Share Data Practices

A new law in California requires companies to explain exactly what customer information, if any, is being sold to third parties, according to a report by Reuters.

The new law goes into effect on Jan. 1. Retailers are rushing to achieve compliance, adding links to websites with “Do Not Sell My Info” buttons and creating signage in stores to the same effect.

The law is meant to give shoppers insight into exactly what information retailers collect and how they use it, as well as to let them opt-out of letting companies sell their data.

Home Depot will post signs in stores across the U.S., and in California, the retailer will provide QR codes to let shoppers retrieve the information on their phones.

The law, called the California Consumer Privacy Act (CCPA), is one of the most significant changes ever made to the way data is collected by U.S. companies.

The legislation will also affect companies like Facebook and Google, as well as mobile service providers, streaming services, app makers and more.

The law is similar to Europe’s General Data Protection Regulation (GDPR), which broadly changed the way companies in the region were allowed to deal with customer data. However, that law gave companies years to catch up with the legislation, whereas the new California law expects companies to be ready for compliance in months.

While the regulations surrounding the law were released to the public in October, the signage requirement was not part of the original statute and was added later.

Some retailers are saying compliance will be difficult because of the law’s unclear language. A Walmart source told Reuters that the company is “working through a lot of ambiguities in the law – for example, the language around loyalty programs and [whether] retail companies can offer them going forward.”