New Federal Law Prohibits “Data Passes” and “Negative Option” Marketing

New Laws Place Restrictions and Limits on After Sale Data Passes and Negative Option Marketing

On December 29, 2010, President Obama signed the “Restore Online Shoppers’ Confidence Act” into law. This new law places restrictions and limits on after sale “data passes” and “negative option” marketing through Internet sales.   Senator John D. (Jay) Rockfeller, IV Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation originally introduced the Bill, ultimately becoming this law, in May after the Senate conducted hearings into the practices of Affinion, Vertrue, and Webloyalty cloud collaboration.  The Committee published information about the objectionable practices.  The New York Attorney General’s Office had also opened an investigation against these companies resulting in multi-million dollar settlements.

In a nutshell, these third-parties were offering various membership clubs to users of e-commerce sites. Typically, when a user of an e-commerce site completed an online purchase, that user would be re-directed to join a membership discount club for promotions, rebates, and the like. The user never had to re-enter his or her credit card, because the card information was passed off from the e-commerce site where the user just completed a transaction. Many users apparently did not understand that their credit cards would be charged, since they did not need to re-enter credit card data at the membership club registration. The clubs then typically offered a free trial period after which the user’s credit card would be charged if they did not cancel the membership. If not cancelled, the club operator placed recurring monthly charges to the user’s credit card. In general, the process of interpreting silence as acceptance or automatically charging the user unless they cancelled is a “negative option” sale.

The law prohibits an initial e-commerce vendor from passing-off a user’s credit card information to a third-party in a post-transaction sale for the purposes of that post-transaction third-party’s sale of goods or services to the user.

The law makes it unlawful for a post-transaction third-party seller to charge or attempt to charge a user’s credit or debit card, or bank or other financial account for an Internet sale, unless:

(1) before obtaining the consumer’s billing information, the post-transaction third party seller has clearly and conspicuously disclosed to the consumer all material terms of the transaction, including: (A) a description of the goods or services being offered; (B) the fact that the post-transaction third party seller is not affiliated with the initial merchant, which may include disclosure of the name of the post-transaction third party in a manner that clearly differentiates the post transaction third party seller from the initial merchant; and, (C) the cost of such goods or services; and, (2) the post-transaction third party seller has received the express informed consent for the charge from the consumer whose credit card, debit card, bank account, or other financial account will be charged by: (A) obtaining from the consumer— (i) the full account number of the account to be charged; and (ii) the consumer’s name and address and a means to contact the consumer; and (B) requiring the consumer to perform an additional affirmative action, such as clicking on a confirmation button or checking a box that indicates the consumer’s consent to be charged the amount disclosed.”

The law also makes “negative option” sales illegal unless the seller:

“(1) provides text that clearly and conspicuously discloses all material terms of the transaction before obtaining the consumer’s billing information; (2) obtains a consumer’s express informed consent before charging the consumer’s credit card, debit card, bank account, or other financial account for products or services through such transaction; and (3) provides simple mechanisms for a consumer to stop recurring charges from being placed on the consumer’s credit card, debit card, bank account, or other financial account.”

The law gives the Federal Trade Commission enforcement authority, and also allows state attorneys general to enforce the law, with the remedies and penalties available under the Federal Trade Commission Act.

There has been some confusion generated in online content about this law. Apparently, some are concerned that the law absolutely prevents any post-transaction up-selling, even if it were done by the first-party website where the user made the initial purchase.

However, the law defines a “post-transaction third party seller’’ as one who:

“(A) sells, or offers for sale, any good or service on the Internet; (B) solicits the purchase of such goods or services on the Internet through an initial merchant after the consumer has initiated a transaction with the initial merchant; and (C) is not: (i) the initial merchant; (ii) a subsidiary or corporate affiliate of the initial merchant; or (iii) a successor of an entity described in clause (i) or (ii).”

Thus, it seems fairly clear that an “initial merchant” is not prevented from post-transaction marketing, but is clearly prevented from passing the financial data allowing the charging of the user to another entity. Nevertheless, if e-commerce vendors are cross-selling through any non-subsidiary or corporate affiliate strategic alliances, they should ensure that data passes are not made, and the entity to which the user is referred complies with all transparency obligations. All should note the requirements on “negative option” sales.