The California attorney general (AG) celebrated data privacy day by doing an “investigative sweep” of the loyalty programs of retailers, supermarkets, home improvement stores, travel companies, and food service companies, and sending out notices of non-compliance to businesses that the AG’s office believes might not be fully compliant with the CCPA. As the AG focuses its attention on loyalty programs, the following provides a reminder of the requirements under the CCPA.
What is a loyalty program?
Loyalty programs are structured in a variety of different ways. Some programs track dollars spent by consumers; others track products purchased. Some programs are free to participate in; others require consumers to purchase membership. Some programs offer consumers additional products; other programs offer prizes, money, or products from third parties. Although neither the CCPA nor the regulations implementing the CCPA define a “loyalty program,” as a practical matter most, if not all, loyalty programs have two things in common: (1) they collect information about consumers, and (2) they provide some form of reward in recognition of (or in exchange for) repeat purchasing patterns.[1]
What are the general obligations under the CCPA?
Because loyalty programs collect personal information about their members, if a business that sponsors a loyalty program is itself subject to the CCPA, then its loyalty program will also be subject to the CCPA. In situations in which the CCPA applies to a loyalty program, the following table generally describes the rights conferred upon a consumer in relation to the program:
| Right | Applicability to Loyalty Program |
| Notice at collection | A loyalty program that collects personal information from its members should provide a notice at the point where information is being collected regarding the categories of personal information that will be collected and how that information will be used.[2] |
| Privacy notice | A loyalty program that collects personal information of its members should make a privacy notice available to its members.[3] |
| Access to information | A member of a loyalty program may request that a business disclose the “specific pieces of personal information” collected about them.[5] |
| Deletion of information | A member of a loyalty program may request that a business delete the personal information collected about them. That said, a company may be able to deny a request by a loyalty program member to delete information in their account based upon one of the exceptions to the right to be forgotten. |
| Opt-out of sale | A loyalty program that sells the personal information of its members should include a “do not sell” link on its homepage and permit consumers to opt-out of the sale of their information. To the extent that a consumer has directed the loyalty program to disclose their information to a third party (e.g., a fulfillment partner) it would not be considered a “sale” of information. |
| Notice of financial incentive | To the extent that a loyalty program qualifies as a “financial incentive” under the regulations implementing the CCPA (discussed below), a business should provide a “notice of financial incentive.”[4] |
Are loyalty programs always financial incentive programs?
Whether a loyalty program constitutes a “financial incentive” program as that term is defined by the regulations implementing the CCPA depends on the extent to which the loyalty program’s benefits “relate to” the collection, retention, or sale of personal information.”[6] While the California Attorney General has implied that all loyalty programs “however defined, should receive the same treatment as other financial incentives,” a strong argument may exist that for many loyalty programs the benefits provided are directly related to consumer purchasing patterns (i.e., repeat or volume purchases) and are not “related” to the collection of personal information.[7] If a particular loyalty program qualifies as a financial incentive program, a business should consider the following steps (in addition to the compliance obligations identified above):
-
-
How the consumer can opt-out, or withdraw, from the program. [15] This is an explanation as to how the consumer can invoke their right to withdraw from the program.[16]
-
-
-
An explanation of how the financial incentive is “reasonably related” to the value of the consumer’s data.[17] While the regulations state that a notice of financial incentive should provide an explanation as to how the financial incentive “reasonably relates” to the value of the consumer’s data, the CCPA requires only that a reasonable relationship exists if a business intends to discriminate against a consumer “because the consumer exercised any of the consumer’s rights” under the Act.[18] Where a business does not intend to use its loyalty program to discriminate against consumers that exercise CCPA-conferred privacy rights, it’s not clear whether this requirement applies. In the event that a reasonable relationship must be shown, however, the regulations require that a company provide a “good-faith estimate of the value of the consumer’s data that forms the basis” for the financial incentive and that the business provide a “description of the method” used to calculate that value.[19]
-
[1] FSOR Appendix A at 273 (Response 814) (including recognition from the AG that “loyalty programs” are not defined under the CCPA, and declining invitations to provide a definition through regulation).
[2] Cal. Civ. Code § 1798.100(a) (West 2021); Cal. Code Regs. tit. 11, 999.304(b), 305(a)(1) (2021).
[3] Cal. Code Regs. tit. 11, 999.304(a) (2021).
[5] Cal. Civ. Code § 1798.100(a).
[4] CAL. CODE REGS. tit. 11, 999.301(n); 304(d); 307(a), (b).
[6] CAL. CODE REGS. tit. 11, 999.301(j) (2021).
[7] FSOR Appendix A at 75 (Response 254).
[8] Cal. Civ. Code § 1798.125(b)(2) (West 2021).
[11] CAL. CODE REGS. tit. 11, 999.307(b)(1) (2021).
[12] CAL. CODE REGS. tit. 11, 999.307(b)(2) (2021).
[13] CAL. CODE REGS. tit. 11, 999.307(b)(2) (2021).
[14] CAL. CODE REGS. tit. 11, 999.307(b)(3) (2021).
[15] CAL. CODE REGS. tit. 11, 999.307(b)(4) (2021).
[16] Cal. Civ. Code § 1798.125(b)(3) (West 2021).
[17] CAL. CODE REGS. tit. 11, 999.307(b)(5) (2021).
[18] Cal. Civ. Code § 1798.125(a)(1), (2) (West 2021).
[19] CAL. CODE REGS. tit. 11, 999.307(b)(5)(a), (b) (2021).
[9] Cal. Civ. Code § 1798.125(b)(3) (West 2021).
[10] Cal. Civ. Code § 1798.125(b)(3) (West 2021).
©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 34
"loyalty" - Google News
February 04, 2022 at 07:51AM
https://ift.tt/TNUH0WF
What Do Companies Need to Remember About Loyalty Programs? - The National Law Review
"loyalty" - Google News
https://ift.tt/i4NDK7h
https://ift.tt/GaoCA6e
Bagikan Berita Ini
0 Response to "What Do Companies Need to Remember About Loyalty Programs? - The National Law Review"
Post a Comment