Heads-Up to Any Companies with Loyalty Programs –They Count as “Financial Incentives” for Purposes of the CCPA

Rothwell, Figg, Ernst & Manbeck, P.C.
Contact

On Friday, January 28, 2022, the California Office of Attorney General issued a press release announcing that California DOJ sent notices alleging non-compliance with the California Consumer Privacy Act (CCPA) to a number of businesses operating loyalty programs in California.  The press release stated, inter alia:

“Under the CCPA, businesses that offer financial incentives, such as discounts, free items, and other rewards, in exchange for personal information must provide consumers with a notice of financial incentive.  This notice must clearly describe the material terms of the financial incentive program to the consumer before they opt in to the program.  Letters were sent today to major corporations in the retail, home improvement, travel, and food service industries, who have 30 days to cure and come into compliance with the law.”

The press release also quoted the California AG, Rob Bonta:

“In the digital age, it’s easy to forget that our data isn’t only collected when we go online.  It’s collected when we enter our phone number for a discount at the supermarket; when we use rewards for a free cup of coffee at our local coffee shop; and when we earn points to purchase items at our favorite clothing store… We may not always realize it, but these brick and mortar stores are collecting our data – and they’re finding out new ways to profit from it.”

Under the CCPA regulations, a “financial incentive” is defined broadly to mean “a program, benefit, or other offering, including payment to consumers, related to the collection, deletion, or sale of personal information.”  Cal. Code Regs.. tit. 11, Section 999.301(j).

Prior to these notices and a July 2021 press release regarding a similar notice, arguments had been made that loyalty programs were not offering financial incentives for the collection of personal information, and thus, they did were not covered by Section 1798.125 of the CCPA.  This argument seemingly hinged largely on the name itself — “loyalty program” – which implies that financial incentives are in recognition of repeat purchasing behavior.  Others have argued that just because loyalty programs are designed to reward loyal customers does not meet that they do not also provide important personal information to businesses (e.g., purchasing habits – who likes to shop where, when, and buy what).

CCPA requires that companies that offer financial incentives in exchange for personal information meet certain criteria, including: (1) notifying the customer of the financial incentive (CCPA 1798.125(b)(2) and 1798.135); (2) obtaining the customer’s “opt in consent” to the “material terms” of the financial incentive program (prior to opting in) (CCPA 1798.125(b)(3)); and (3) permitting the customer to revoke their consent at any time (id.).

The CCPA regulations provide more guidance.  A Notice of Financial Incentive must include the following:

  1. A succinct summary of the financial incentive or price or service difference offered;
  2. A description of the material terms of the financial incentive or price difference, including the categories of personal information that are implicated by the financial incentive or price or service difference and the value of the consumer’s data;
  3. How the consumer can opt-in to the financial incentive or price or service difference;
  4. A statement of the consumer’s right to withdraw from the financial incentive at any time and how the consumer may exercise that right; and
  5. An explanation of how the financial incentive or price or service difference is reasonably related to the value of the consumer’s data, including (a) a good-faith estimate of the value of the consumer’s data that forms the basis for offering the financial incentive or price or service difference; and (b) a description of the method the business used to calculate the value of the consumer’s data.

Cal. Code Regs. Tit. 11, Section 999.307 (emphasis added).

According to the quote from AG Bonta in Friday’s press release, it appears that at least some of the non-compliance notices may have targeted companies’ brick-and-mortar activities – e.g., entering phone numbers at check-out.  It is also noteworthy that a grocery store loyalty program was also expressly mentioned in the previously-mentioned July 2021 press release: “A grocery chain required consumers to provide personal information in exchange for participation in its company loyalty programs.  The company did not provide a Notice of Financial Incentive to participating customers.  After being notified of alleged noncompliance, the company amended its privacy policy to include a Notice of Financial Incentive.”

Under CCPA, businesses that receive notices of non-compliance have 30 days to cure or fix the alleged violation before an enforcement action can be initiated.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Rothwell, Figg, Ernst & Manbeck, P.C. | Attorney Advertising

Written by:

Rothwell, Figg, Ernst & Manbeck, P.C.
Contact
more
less

Rothwell, Figg, Ernst & Manbeck, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.