clock menu more-arrow no yes

Filed under:

Next time you see a ‘Do Not Sell My Personal Information’ button online, click it


A new California law means good things for all of us when it comes to privacy.

Over the past week, companies have flooded my inbox with updated privacy policies. Each one’s synopsis tells me they are becoming more transparent when it comes to what information they collect on me, how they use it and whether they sell it. No doubt Chick-fil-A, Minted, Groupon and other businesses I use online are hustling to get compliant with a new privacy law that went into effect in California this week.

Why do I care if a law passed in California?

We live in a borderless digital economy, so when a huge state like California passes a landmark law regarding what is required of online companies there, it effects me wherever I live. And I’m grateful. Thank you California.

The The California Consumer Privacy Act (CCPA) gives California residents the right to know what data companies collect about them. It also allows them to ask companies not to sell that data and to completely delete it. This information includes things like your name, address, password, biometrics and any demographical information.

It gives the people of California the right to opt-out of the sale of their personal information. And it gives extra protection to kids. Children under the age of 16 have to opt-in and give explicit permission to a company to sell their data. And parents of kids under age 13 will have to give consent for the sale of that child’s information.

This law applies to companies that buy or sell data on at least 50,000 California residents each year (the state has a population of nearly 40 million), businesses with gross annual revenues above $25 million, or those that make at least half of their annual revenues from selling consumers’ personal information.

This is going to effect a lot of companies.

If businesses don’t comply, the state will fine them $2500 per violation and $7500 if the California Attorney General finds the violation to be intentional. You can see why so many companies were on the ball to get their policies in order for this.

Businesses have to notify consumers before or at the time of data collection which leads me to the best part. These companies are required to put a “Do Not Sell My Info” link on their websites. Companies that don’t want to figure out which of its users are from California will make this option available to all of us (I’ve already seen it on several websites).

It’s a lot of work for companies to create completely unique policies for Californians, so it’s likely they will extend some of these privacy rights to everyone instead. That means all of us will benefit from this law. Microsoft, Firefox and other companies have already said they will bring CCPS to life for all users, not just those in California.

So while we may not have the right to sue under the California law, we will all have more knowledge of what data these companies are collecting on us and whether they’re selling it. Make sure to look for that “Do Not Sell My Info” link in case you’d like to opt-out.

If you do, that doesn’t necessarily mean the company won’t collect data on you, it could simply mean your name won’t be attached to the information. It will be anonymized. The CCPA still allows data collection to happen that way.

If you opt-out, plan on seeing fewer hyper-targeted ads. Have you ever put a pair of shoes in your online shopping cart, but decide not to purchase at that time? No doubt you see an ad soon thereafter for those exact shoes, or one reminding you it’s not too late to still grab those beauties. That’s not likely to happen if you opt-out with the “Do Not Sell My Info” link on a website.

It will take some time to click on that link on every website you use and figure out what rights you have. I’ve started clicking on it with each new website I visit. With Groupon, the link was at the bottom of the page and took one click to opt-out. I had the same option on Hulu to click and opt-out of the sale of personal information. But the option to delete personal information came with a price. I would have had to completely delete my account. I didn’t.

The best case scenario in all of this would include a universal privacy law. The European Union enacted the General Data Protection Regulation last year that protects the personal data of all EU citizens. And while many other U.S. states are considering similar privacy laws to California’s, my hope is that the CCPA encourages Congress to get busy on a federal version that would assure all Americans these rights.