The effective date of the California Consumer Privacy Act (“CCPA”) is January 1, 2020. For businesses and stores in San Diego and California, a new era will commence with respect to their use of in-store video and other consumer tracking methods. One looming question is whether stores will have to cease in-store tracking and surveillance of their customers. There are already lawsuits filed in Illinois under the Illinois Biometric Privacy Act alleging that stores have failed to get consent for collecting facial recognition data and for disclosing that information without consent.

Walgreens pharmacies are a good example here. According to news reports, in some stores, Walgreens has installed a system of sensors and cameras near cooler doors to scan and record customers actions and choices with respect to cold drinks, ice creams, refrigerated foods, and related products. Walgreens then uses this data for marketing to the consumers and also shares the data with the product manufacturers and distributors. Walgreens is now facing a class action lawsuit over its use of such surveillance since, because it is claimed, Walgreens did not obtain the consent of its customers to collect the data or to share the data. See news report here. Similar lawsuits have been filed against a Chicago-area casino and against Home Depot and Lowe’s for collecting facial recognition data as part of their respective anti-shoplifting and anti-theft efforts. See news report here.

When the CCPA goes into effect, stores that collect biometric data have to disclose collection of the data and seek the consent of customers. That might be easy enough since stores should be able to post notices that the data is being collected. However, the CCPA has a provision where customers are arguably allowed to “opt out” of having their private, personally-identifiable data collected. As a practical matter, it may be impossible for a store to provide an “opt-out-button” for customers as they enter the store. This may be the reason that stores will have to stop using video surveillance.

Similarly, and most likely, stores will have to stop sharing any information that they collect. As noted above, Walgreens collected information on buying choices and then shared that information with food and beverage manufacturers. Without question, the CCPA allows consumers to opt out of having their information shared with others. Again, as a practical matter, it may be impossible for a store to provide a “don’t-share-my-biometric-information button” for customers as they browse the cold drinks and snacks.

The legal landscape is changing radically as of January 1, 2020. Retailers that do not modify their data collection and sharing behavior and obtain the proper consents will be facing lawsuits and governmental action. For this reason, it is essential for San Diego businesses to retain an experienced San Diego corporate attorney to provide advice and counsel about how to remain compliant with the evolving legal requirements with respect to privacy.

Contact San Diego Corporate Law Today

For more information, contact attorney Michael Leonard, Esq., of San Diego Corporate Law. Mr. Leonard can be reached at (858) 483-9200 or via email. Mr. Leonard provides a full panoply of legal services for businesses including formation of corporate entities of all types. Like us on Facebook.

You Might Also Like:

Consumer Privacy Act: Could the Courts Expand the Private Right of Action Under the CCPA?

Is it Time to Say “No” to Biometrics?

What the California Consumer Privacy Act of 2018 Means for San Diego Businesses

Thoughts on Legal Risks Re: Your CCPA Data Collection and Use Notices

Mergers & Acquisitions: How Does The CCPA Impact The Deal?

Need Help with CCPA Compliance?

SCHEDULE A CONSULTATION

Schedule a Consultation: 858.483.9200