Understanding Data Sharing and Negative Option Marketing Legislation
Internet-based businesses that engage in data-sharing and utilize negative option marketing models are wise to pay particular attention to recent federal and state restrictions. In fact, it appears as though large-scale website redesign may soon be mandatory to align with regulatory compliance requirements.
The Restore Online Shoppers Confidence Act (“ROSCA”) was signed into law on December 29, 2010 and targets aggressive online sales tactics. Specifically, it prohibits online retailers from transferring consumer billing information to third party sellers and from charging consumers for participation in negative option programs before obtaining express informed consent.
The data-passing restrictions target transactions through which consumers make a purchase online and may unknowingly be enrolled in a second service. They may receive a pop-up or rewards offer and not realize that when they sign-up, the first party website transfers the billing data to the third party, which enrolls the consumer in a paid program.
The law requires that the third party seller clearly disclose all material terms of the transaction and obtain express informed consent, before obtaining the consumer's billing information. In order to obtain that consent, the third party seller must obtain the consumer's full account number, name and address, and a means to contact the consumer. The consumer must also perform an additional affirmative action, such as checking a box or clicking on a confirmation button.
The restrictions on negative option marketing are meant to target business practices through which consumers are enrolled in paid programs by their failure to act, such as not cancelling a service before the end of a free trial period. The law requires that all material terms be clearly and conspicuously disclosed before the consumer's billing information is obtained.
Countless eCommerce websites have, undoubtedly, not been modified to meet new compliance standards. For example, many websites have features that store payment data and/or pre-populate online forms. Doing so may not be compliant.
If an online business uses stored billing information to enroll a consumer in a negative option marketing program, it could violate ROSCA. Transferring stored account data to third party sellers would also create ROSCA problems.
The Federal Trade Commission not only enforces unlawful data passing and negative option marketing practices under Section 5 of the FTC Act, the Commission also possesses civil penalty authority, and settlements are not inexpensive.Continued on the next page