Dangerous Vagueness in CA Do-Not-Track Bill

THERE’S A PRIVACY BILL ZOOMING AROUND THE CALIFORNIA STATE LEGISLATURE (SB 761) designed to restrict website operators from making malicious changes to visitors’ computer settings. The bill further prohibits site operators from collecting, storing and transferring data gathered surreptitiously online, such as through cookies, and requires opt-out mechanisms.

I have no problem with the first part, although it’s probably more toothless and feel-good than practical: Offshore miscreants won’t give a damn about the state of California shaking its finger at them, and legitimate businesses walk the line when it comes to computer privacy.

But there are a few casual sentences and phrases in the bill which, due to their vagueness, could potentially be killers of the marketing data industry.

Consider the line, “The bill would, to the extent consistent with federal law, prohibit a covered entity from selling, sharing or transferring a consumer’s covered information.”

That’s nebulous — and terrifying — because while “consumer’s covered information” is specified, the phrase “transferring” isn’t. In the mind of the wrong ticked-off district attorney, or consumer advocate, or shotgun-suing law firm, it could be construed that any information collected online — even a postal address, which falls under the “covered information” definition — can’t be shared.

Shared with whom? one might ask. How about a response list management company? Or a data compiler? Or a data hygiene service firm? Or a mail house?

One interpretation is that any sale — or requestor-based data gathered from consumers through online channels — would be off the table for marketer use, if the marketer needs a third party to help it get its messages out.

There is no indication within the bill that these inadvertent restrictions have been considered. And in light of the recent Epsilon incident and others, selling legislators on the value of transferring consumer information to third parties is going to be a hard pitch.

What’s more, the burden of determining which consumers are from California would be placed on the data-collecting entity, which means each would have to collect more information than it otherwise might have.

If there is a saving grace to the bill, it’s that it is opt-out, as opposed to opt in. But it’s not clear whether that includes the transferring of information or, as is more likely, merely the data collection practices.

BLOGBIT What have you been missing on the Big Fat Marketing blog? Here’s a recent post from Chief Marketer senior writer RICHARD H. LEVEY

Partner Content

Hincapie Sportswear Finds Omnichannel Success in the Cloud - Netsuite
For more and more companies, a cloud-based unified data solution is the way to make this happen. Custom cycling apparel maker Hincapie Sportswear has leveraged this capability to gain greater visibility into revenue streams, turning opportunities into sales more quickly while gaining overall operating efficiency. Download this ecommerce special report from Multichannel Merchant to more.
The Gift of Wow: Preparing your store for the holiday season - Netsuite
Being prepared for the holiday rush used to mean stocking shelves and making sure your associates were ready for the long hours. But the digital revolution has changed everything, most importantly, customer expectations. Retailers with a physical store presence should be asking themselves—what am I doing to wow the customer?
3 Critical Components to Achieving the Perfect Order - NetSuite
Explore the 3 critical components to delivering the perfect order.
Streamlining Unified Commerce Complexity - NetSuite
Explore how consolidating multiple systems through a cloud-based commerce platform provides a seamless experience for both you, and your customer.