NRF at odds with California privacy law
California has passed the nation’s toughest data privacy law — and a leading retail association is not happy with it.
The National Retail Federation called the California Consumer Privacy Act of 2018, signed by Gov. Jerry Brown into law, “deeply flawed” and said customer service could be severely hampered if the legislature fails to address retailers’ concerns before the measure takes effect in 2020.
“This law is objectionable on many levels,” said David French, NRF senior VP for government relations. “This is a deeply flawed measure aimed more at lining the pockets of attorneys than protecting consumers. It will expose businesses to unwarranted lawsuits while potentially taking away many of the innovations and special services consumers have come to expect.”
The law, which follows the recent rollout of the European Union’s General Data Protection Regulation (GDPR), gives consumers more control over and insight into the spread of their personal information online, putting into place major regulations on the data-collection practices of U.S. technology companies. Upon request, companies will be required to tell customers what personal data they’ve collected, why it was collected and what categories of third parties have received it. It also makes it easier for consumers to sue companies after a data breach.
Calling data the “the backbone of any good retail business,” French said that “knowing how often your customers shop, what brands and styles they prefer and how much they can afford to spend helps you serve their needs.
“Whether it’s a preview sale on new offerings, letting them know you have their size back in stock or loyalty programs that offer discounts, these are all services that shoppers value,” he added. “Under this law, those services could go away, and California’s consumers will want to know who’s to blame.”
NRF was among 29 state and national business groups that sent a letter to members of the California Assembly and Senate calling the legislation “a serious threat to the California economy.”
“The business community has been and remains interested in and dedicated to crafting reasonable privacy legislation,” the letter said. “We strongly urge the legislature to consider the numerous problems presented by this bill and to fix them as we move forward.”
The California Consumer Privacy Act was passed as an alternative to a ballot initiative that had been certified for November’s elections. The ballot initiative would have become law immediately after Election Day, but the legislation does not take effect until January 1, 2020, giving opponents time to seek changes in the legislature.
Among other provisions, the law would allow private citizens to sue retailers in addition to allowing enforcement by state authorities, a move the letter called a “giveaway to trial lawyers” that “exposes California businesses to massive additional liability without providing any corresponding benefit to consumers, according to the NRF.
The law prohibits retailers from treating customers who opt out of data sharing any differently from those who do not, a provision that could put an end to retail loyalty programs that offer discounts to members. Consumers could also demand that their information be erased, and retailers are concerned by other provisions involving data breach requirements, definitions of personal information, transparency and consumer access to data.
The National Retail Federation called the California Consumer Privacy Act of 2018, signed by Gov. Jerry Brown into law, “deeply flawed” and said customer service could be severely hampered if the legislature fails to address retailers’ concerns before the measure takes effect in 2020.
“This law is objectionable on many levels,” said David French, NRF senior VP for government relations. “This is a deeply flawed measure aimed more at lining the pockets of attorneys than protecting consumers. It will expose businesses to unwarranted lawsuits while potentially taking away many of the innovations and special services consumers have come to expect.”
The law, which follows the recent rollout of the European Union’s General Data Protection Regulation (GDPR), gives consumers more control over and insight into the spread of their personal information online, putting into place major regulations on the data-collection practices of U.S. technology companies. Upon request, companies will be required to tell customers what personal data they’ve collected, why it was collected and what categories of third parties have received it. It also makes it easier for consumers to sue companies after a data breach.
Calling data the “the backbone of any good retail business,” French said that “knowing how often your customers shop, what brands and styles they prefer and how much they can afford to spend helps you serve their needs.
“Whether it’s a preview sale on new offerings, letting them know you have their size back in stock or loyalty programs that offer discounts, these are all services that shoppers value,” he added. “Under this law, those services could go away, and California’s consumers will want to know who’s to blame.”
NRF was among 29 state and national business groups that sent a letter to members of the California Assembly and Senate calling the legislation “a serious threat to the California economy.”
“The business community has been and remains interested in and dedicated to crafting reasonable privacy legislation,” the letter said. “We strongly urge the legislature to consider the numerous problems presented by this bill and to fix them as we move forward.”
The California Consumer Privacy Act was passed as an alternative to a ballot initiative that had been certified for November’s elections. The ballot initiative would have become law immediately after Election Day, but the legislation does not take effect until January 1, 2020, giving opponents time to seek changes in the legislature.
Among other provisions, the law would allow private citizens to sue retailers in addition to allowing enforcement by state authorities, a move the letter called a “giveaway to trial lawyers” that “exposes California businesses to massive additional liability without providing any corresponding benefit to consumers, according to the NRF.
The law prohibits retailers from treating customers who opt out of data sharing any differently from those who do not, a provision that could put an end to retail loyalty programs that offer discounts to members. Consumers could also demand that their information be erased, and retailers are concerned by other provisions involving data breach requirements, definitions of personal information, transparency and consumer access to data.