The National Retail Federation is calling new state privacy legislation signed into law in California yesterday “deeply flawed” and said customer service could be severely hampered if the legislature fails to address retailers’ concerns before the measure takes effect in 2020.
The law prohibits retailers from treating customers who opt out of data sharing any differently from those who do not, a provision that could put an end to retail loyalty programs that offer discounts to members. Consumers could also demand that their information be erased, and retailers are concerned by other provisions involving data breach requirements, definitions of personal information, transparency and consumer access to data.
“This law is objectionable on many levels,” said David French, NRF SVP for government relations. “This is a deeply flawed measure aimed more at lining the pockets of attorneys than protecting consumers. It will expose businesses to unwarranted lawsuits while potentially taking away many of the innovations and special services consumers have come to expect.
“Retailers strive to protect their customers’ data, but data is the backbone of any good retail business,” French continued. “Knowing how often your customers shop, what brands and styles they prefer and how much they can afford to spend helps you serve their needs. Whether it’s a preview sale on new offerings, letting them know you have their size back in stock or loyalty programs that offer discounts, these are all services that shoppers value. Under this law, those services could go away, and California’s consumers will want to know who’s to blame.”
NRF was among 29 state and national business groups that sent a letter to members of the California Assembly and Senate in late June calling the legislation “a serious threat to the California economy.”
“The business community has been and remains interested in and dedicated to crafting reasonable privacy legislation,” the letter said. “We strongly urge the legislature to consider the numerous problems presented by this bill and to fix them as we move forward.”
The California Data Privacy Protection Act was passed as an alternative to a ballot initiative that had been certified for November’s elections. The ballot initiative would have become law immediately after Election Day, but the legislation does not take effect until Jan. 1, 2020, giving opponents time to seek changes in the legislature.
The legislation places sweeping restrictions on how retailers and other businesses can collect and use information about their customers. Among other provisions, it would allow private citizens to sue retailers in addition to allowing enforcement by state authorities, a move the letter called a “giveaway to trial lawyers” that “exposes California businesses to massive additional liability without providing any corresponding benefit to consumers.”