Among the myriad laws and regulations that took effect across the country at the start of 2020, none is likely to have a bigger impact on the way mass market retailers do business than the California Consumer Privacy Act. Passed by the state legislature and signed into law by Gov. Gavin Newsom amid calls for a ballot initiative to deal with the issue of threats to privacy in the digital age, the groundbreaking measure gives individuals more control over how personal information collected by retailers and other companies is used.

The law empowers Californians to know what data is being gathered; block companies from selling the information; and instruct them to delete existing records. While critics argue that the legislation puts the onus for protecting privacy on consumers instead of businesses and includes some significant loopholes, it is the most far-reaching attempt in this country to address mounting concerns about technology’s ability to track people’s behavior and preferences.

Whatever its shortcomings, the new law puts California in the vanguard. Together with the European Union’s General Data Protection Regulation, the state’s Consumer Privacy Act is expected to set the bar for future government action. For companies with a national reach, it already has become the standard. With a $3 trillion economy and a population of almost 40 million, California is the most important market for major retailers, leaving them no choice but to embrace the new privacy regulations.

The most enlightened merchants have done so enthusiastically. Walmart, to cite just one example, updated its privacy policy on January 1 to comply with the California law. “Our founder Sam Walton reminded us that ‘a promise we make is a promise we keep,’ and it’s our promise to customers that we respect the trust you place in us and the privacy of the information you share,” the company says on its website. “Our way of [building trust] is to let you know in a clear, prominent and easily accessible way how we collect, use, share and, above all, protect your personal information.”

For consumer-centric companies like Walmart, when it comes to privacy, listening to the preferences of the people who shop there is a natural extension of the approach that has always served them well. The best thing for the retail industry as a whole would be the enactment of a nationwide standard governing consumers’ personal information. In the meantime, merchants who commit to ethical use of such data will have a competitive advantage over those that don’t.