• by Wendy Davis  @wendyndavis, March 11, 2019

California's new privacy law poses a threat to loyalty programs that give consumers discounts in exchange for their data, the Association of National Advertisers said late last week in comments submitted to the state Department of Justice.

The California Consumer Privacy Act, set to take effect next year, allows consumers to learn what personal information about them is held by businesses, request deletion of that information, and to opt out of its sale. The bill contains a provision prohibiting companies from charging higher prices to consumers who opt out of data collection and selling. But the measure also allows businesses to offer "financial incentives" to consumers who allow their data to be collected and sold -- provided that the incentives are related to the data's value.

The ANA is now calling on state Attorney General Xavier Becerra to issue regulations specifically providing that loyalty programs are permissible under the new law.

“Without clarification, many loyalty programs could cease altogether when the CCPA becomes effective,” the ANA writes in an 18-page letter sent on Friday.

California passed the measure last year, but in some ways it's still a work in progress. Partially, that's because California lawmakers tasked Becerra with crafting regulations implementing the new measure. He recently held a series of hearings across the state, at which ad industry representatives, privacy advocates and others weighed in on proposed revisions.

Last month, Becerra and state Senator Hannah-Beth Jackson introduced a bill that would expand the measure in ways that would make it less friendly to the industry. That proposal would allow consumers to sue companies that fail to provide consumers with their information, don't honor requests to refrain from selling the data, or violate other provisions of the law. Currently, the law only authorizes private lawsuits over data breaches caused by a company's failure to implement reasonable security.

Meanwhile, federal lawmakers are considering new nationwide legislation that could override California's bill. The Senate Judiciary Committee will hold a hearing Tuesday about privacy, with a focus on issues raised by California's law and Europe's GDPR.

In its Friday letter, the ANA makes numerous other requests for revisions in its comments. Among others, the organization wants the AG to clarify a portion of the related to opt-out requests. While the law generally requires companies to honor consumers' requests for deletion of their data, there are exceptions -- including one for data that is necessary in order to provide goods or services requested by consumers.

The ANA wants Becerra to say that exception applies to marketing messages that are “reasonably anticipated and can be provided within the context of a business’s ongoing business relationship with the consumer.” Subscription renewal messages would be one example, the ANA says.

The ANA also is asking Becerra to say that consumers can opt out from the sale of some data, but allow companies to continue to sell other data.

“Consumers may wish to make granular choices regarding the use and maintenance of their data, and a regulation clarifying that such granularity is permissible should be issued,” the ANA writes. “Paradoxically, failure to take this step may undermine privacy protections because a consumer may decide not to restrict any use of his data by a company if the consumer is only concerned about specific limited uses of his information.”