California's New Consumer Privacy Law Facing Backlash From Retailers

California’s new consumer privacy law is facing a backlash from businesses, including retailers, across the U.S. that contend the law will hurt their businesses, according to a report in The Wall Street Journal. The California Consumer Privacy Act of 2018 grants consumers more control over and insight into the spread of their personal information online, creating one of the most significant regulations overseeing the data collection practices of companies in the U.S. The new law, which goes into effect January 2020, grants consumers the right to know what information companies are collecting about them, why they're collecting that data, and with whom they're sharing it. It gives consumers the right to tell companies to delete their information as well as to not sell or share their data. The law also makes it more difficult to share or sell data on children younger than 16. Finally, it makes it easier for consumers to sue companies after a data breach, and gives the state’s attorney general more authority to fine companies that don’t adhere to the new regulations.

According to the WSJ article, businesses, including many retailers, are either struggling to figure out what they need to do to abide by the law, or gearing up to make a big lobbying effort to get the law changed before it goes into effect. David French, senior vice president of government relations at the National Retail Federation, told the WSJ that under the law customers who opt out of data sharing have to be treated the same as those that share data, which could spell the demise of loyalty programs. French also said other personalized marketing campaigns and apps that use location data could also be at risk of going away thanks to the law. “The consumer will actually be the big loser,” French said.

Total Retail's Take: We will be watching the developments around this legislation and how it shakes out. Right now, there's a lot of anxious companies, including retailers. Many companies believe the law was cobbled together and passed in just three months as a reaction to Facebook’s data breach — in which now-defunct political consulting firm Cambridge Analytica accessed data on 87 million Facebook users without their consent — and other recent breaches. (By comparison, Europe’s similar GDPR regulation took about four years to gain approval.) Also, businesses are concerned that the bill could have a profound, and still unclear, affect on companies not just in California, but in other states as well.