THERE’S A PRIVACY BILL ZOOMING AROUND THE CALIFORNIA STATE LEGISLATURE (SB 761) designed to restrict website operators from making malicious changes to visitors’ computer settings. The bill further prohibits site operators from collecting, storing and transferring data gathered surreptitiously online, such as through cookies, and requires opt-out mechanisms.
I have no problem with the first part, although it’s probably more toothless and feel-good than practical: Offshore miscreants won’t give a damn about the state of California shaking its finger at them, and legitimate businesses walk the line when it comes to computer privacy.
But there are a few casual sentences and phrases in the bill which, due to their vagueness, could potentially be killers of the marketing data industry.
Consider the line, “The bill would, to the extent consistent with federal law, prohibit a covered entity from selling, sharing or transferring a consumer’s covered information.”
That’s nebulous — and terrifying — because while “consumer’s covered information” is specified, the phrase “transferring” isn’t. In the mind of the wrong ticked-off district attorney, or consumer advocate, or shotgun-suing law firm, it could be construed that any information collected online — even a postal address, which falls under the “covered information” definition — can’t be shared.
Shared with whom? one might ask. How about a response list management company? Or a data compiler? Or a data hygiene service firm? Or a mail house?
One interpretation is that any sale — or requestor-based data gathered from consumers through online channels — would be off the table for marketer use, if the marketer needs a third party to help it get its messages out.
There is no indication within the bill that these inadvertent restrictions have been considered. And in light of the recent Epsilon incident and others, selling legislators on the value of transferring consumer information to third parties is going to be a hard pitch.
What’s more, the burden of determining which consumers are from California would be placed on the data-collecting entity, which means each would have to collect more information than it otherwise might have.
If there is a saving grace to the bill, it’s that it is opt-out, as opposed to opt in. But it’s not clear whether that includes the transferring of information or, as is more likely, merely the data collection practices.
BLOGBIT What have you been missing on the Big Fat Marketing blog? Here’s a recent post from Chief Marketer senior writer RICHARD H. LEVEY