This is a story about a new law that goes into effect this morning, and a surprising difference between Amazon and Walmart (and Target, among others).

Starting today, if you shop online at Target or Walmart, you'll reportedly see something new: a button or link reading something like "Do Not Sell My Info."

It's in response to a new California law that requires retailers to let consumers opt out of having their personal data sold to third parties. And, it's not just Walmart and Target that has to act.

Large online retailers like Home Depot are also adding similar notifications to their websites. They're reportedly doing it for shoppers across the U.S. -- not just in California.

But there's a conspicuous exception: Amazon.

"We do not plan to put a 'Do not sell' button on our website," an Amazon spokeswoman told Reuters, "because Amazon is not in the business of selling customers' personal data and it never has been."

Four new rights

The law in question is called the California Consumer Privacy Act (CCPA). It was signed in 2018, with an effective date of January 1, 2020.

If you live in California, you now have four key rights when you deal with online retailers, as summarized by Ella Chochrek of Footwear News (via Yahoo News):

  1. the right to know (meaning "know what personal information is being collected, held and sold"),
  2. the right to delete (the right to "request businesses eliminate that information"),
  3. the right to opt out (which is what's prompting the "do not sell" links and buttons), and 
  4. the right to nondiscrimination (which means you can't be treated differently or charged more for exercising your other rights).

The law apparently applies only to businesses with more than $25 million in gross annual revenues, or that have obtained "personal info for 50,000-plus consumers, households and devices."

As goes California...

I wrote in November about a pretty intense report by Kashmir Hill of the New York Times on just how much information big digital companies have on us.

She pried loose a 400-page report that contained things like "all the messages [she had] ever sent to hosts on Airbnb; years of Yelp delivery orders; [and] a log of every time [she] opened the Coinbase app on my iPhone."

The only reason she was able to obtain that report, however, was this same California law.  It technically hadn't gone into effect yet, but one of the companies involved agreed to share her secret information anyway.

Similarly, some of the big online retailers apparently find it makes sense to just offer at least some of the same rights to everyone in the U.S.

In fact, even though the Amazon says it won't include a "do not sell" button, the company said it will "provide to all of our U.S. customers the data access and data deletion request processes that we provide to California customers under CCPA."

Too big to share

You might wonder what will happen when these "do not sell" buttons pop up all over the Internet, reminding consumers just how many companies have been reserving the right to sell our information.

It makes Amazon's decision not to add such a button stand out, along with its assertion that it hasn't ever been in the business of selling personal information in the first place.

It's intriguing, and perhaps smart. Of course, it could also be that Amazon is simply so big, and so ambitious, that it sees no  point in sharing customer data with competitors, no matter what the price.

Tough to tell. Other companies have marketplaces, of course. Other companies share data. 

But going back nearly 20 years, Amazon was working with other big retailers to run their websites for them -- and learning from their customers' experience in the process.

'Ambiguities in the law'

Even some of the retailers that say they will put "do not sell" buttons on their sites also seem less than 100 percent sure it's legally required. They say it's not clear what "selling" information actually means.

Reuters quoted a Walmart source saying the company is "working through a lot of ambiguities in the law, for example, the language around loyalty programs and if retail companies can offer them going forward."

But what can you do? Take a risk?

The law carries with it penalties between $2,500 and $7,500 per violation.

It's only Day 1. It's too soon to predict how this will all shake out. But, the big retailers are acting as if they've seen the future. And it's being born in California.