Does the CCPA require that the benefits conferred by a loyalty program be “reasonably related” to the value of a consumer’s data to the business?

Bryan Cave Leighton Paisner

Arguably no.

The CCPA makes clear that a business can offer different prices or rates to consumers as part of a financial incentive program if those different prices or rates are “directly related to the value provided to the business by the consumer’s data.”1  The CCPA does not, however, directly prohibit the offering of a financial incentive if the value provided to the business by the consumer’s data is not “directly related” to the value of the financial incentive. 

The CCPA also states that a business may not, through a financial incentive program (or any other activity), discriminate against a consumer because the consumer “exercised any of [their] rights” under the CCPA (e.g., access, deletion, or opt-out of sale), unless the difference in price, rate, or quality that forms the basis of the discrimination is “reasonably related to the value provided to the business by the consumer’s data.”2

In commentary published with the issuance of the regulations implementing the CCPA, the California Attorney General informally suggested that the Act might be interpreted as requiring that the benefit provided by all loyalty programs should be “reasonably related to the value of the consumer’s data to the business.”3  The California Attorney General did not explain, however, the basis for his assertion, and such a position would directly conflict with the text of the CCPA (described above) which applies the “reasonable relationship” test only to situations in which “discriminat[ion]” is prompted by the “exercise[] . . . of the consumer’s rights.”4 Furthermore, in other statements made by the Attorney General, he concedes that the “reasonable related” standard applies only in the context of discrimination.5

As a result, there is a strong argument that the price or rate discounts offered through a loyalty program do not need to be reasonably related to the value that a business derives from data, so long as the business does not discriminate against a consumer that attempts to exercise a privacy right. 

For more information and resources about the CCPA visit

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. CCPA, Section 1798.125(b)(1).

2. CCPA, Section 1798.125(a)(1), (2).

3. FSOR Appendix A at 75 (Response No. 254), 274 (Response No. 815).

4. CCPA, Section 1798.125(a)(2).

5. FSOR Appendix A at 273 (Response No. 814).

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bryan Cave Leighton Paisner | Attorney Advertising

Written by:

Bryan Cave Leighton Paisner

Bryan Cave Leighton Paisner on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.