CCPA Privacy FAQs: If a business allows consumers to redeem loyalty program benefits for products or services offered by a partner, does that constitute the sale of information?

BCLP
Contact
LinkedIn
Facebook
X
Send
Embed

No. 

The CCPA broadly defines the term “sale” as including the act of “disclosing” or “making available” personal information “for monetary or other valuable consideration” from one business to another.1  In the context of loyalty programs, it is not unusual for the operator of a loyalty program to enter into an agreement with a business partner (e.g., another company) to permit a consumer to redeem loyalty points accumulated through the loyalty program of business A in order to receive goods or services provided by business B.  For example, a hotel may have an agreement with a car rental service through which a consumer can redeem hotel loyalty points to receive a free car rental. 

Such redemption arrangements may require the disclosure of personal information from one business (e.g., business A) to a second business (e.g., business B), and may include the payment of money or other consideration for the ability to receive advertising or promotion as a rewards provider.  As a result, and depending upon the structure of the business relationships, it is possible that the arrangement could fit the definition of “sale” under the CCPA. 

Assuming that the transfer of information to a redemption partner did satisfy the definition of a “sale,” the CCPA contains an exception for situations in which a “consumer uses or directs the business to intentionally disclose personal information.”2  As a result, if a consumer uses a loyalty program in order to interact with another business, or directs a loyalty program to disclose personal information as part of a points redemption, the loyalty program operator arguably has not “sold” information.

For more information and resources about the CCPA visit http://www.CCPA-info.com. 

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1.  CCPA Section 1798.140(t)(1).

2. CCPA, Section 1798.140(t)(2)(A).

[View source.]

Written by:

BCLP
BCLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide