By Brian Shin
A few years ago, Target developed predictive scores based on customer purchases and sent out targeted coupons. Of the many predictive scores, Target developed a pregnancy score and sent baby coupons to a certain high school student. Her father saw the coupons for baby clothes and cribs and was outraged. He called Target angry accusing Target of encouraging his daughter to have children. He later called to apologize because Target was right, she was pregnant.
Target has since changed the way they send out targeted coupons to make it feel less creepy. However, like just about every other corporation, they continue to gather our data in an effort to deliver targeted products, services, and content.
Up until 2020, consumers had no idea what kind of personal information was being collected and sold. California Assembly Bill 375 passed in June 2018 and became effective as of 2020. California is the only state with this law, and industry experts believe that other states will soon follow.
Assembly Bill 375, known as the California Consumer Privacy Act (CCPA), applies to any consumer data collecting company with annual revenues of at least $25 million or that earns more than half of their revenue from the sale of user data. In other words, from now on, consumers will be able to know what information companies have gathered about them and what data they are selling to third parties.
Under the CCPA, California consumers now have the right to request a business disclose the categories and specific pieces of personal data collected, request a business delete the data collected, and request that their information not be sold.
Finding out what information companies are gathering about you is not as easy as one might think. You cannot click a link in your user profile and see details about how your information being utilized or sold. Instead, users have to go looking for the California privacy link or the CCPA on the company’s site. Once found, the pages outline what your rights are and what information they collect, but they do not show you your data. Requesting action on your specific data takes time and is usually done by a web form or downloadable form that the consumer is required to submit via regular mail.
Consumers now also have to right to demand that all of their data be deleted. This may sound like a great option, but it has a major consequences. When a user requests that their information be deleted, they do not merely lose all of their data. Their account is completely deleted as well. If a consumer is concerned about the sale of their information but wishes to continue to use the business, instead of deletion, the consumer should just request that their information not be sold.
Concerned consumers should thoughtfully make their privacy settings for each business, site, or app they use. There are no centralized privacy preference databases (yet). Therefore, consumers must be vigilant and go through sometimes laborious processes to ensure their data privacy is handled according to their wishes.
Brian Shin is CEO of OG Digital