To access our COVID-19 related information, click here

New Federal Law Prohibits “Data Passes” and “Negative Option” Marketing

By:  Joe Pecora, Jr.

On December 29, 2010, President Obama signed the Restore Online Shoppers’ Confidence Act into law. This fairly new law places restrictions and limits on after sale “data passes” and negative option marketing through Internet sales. Senator John D. (Jay) Rockefeller, IV Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation originally introduced the Bill, ultimately becoming this law, in May after the Senate conducted hearings into the practices of Affinion, Vertrue, and Webloyalty. The Committee published information about the objectionable practices. The New York Attorney General’s Office had also opened an investigation against these companies resulting in multi-million dollars settlements.

In a nutshell, these third-parties were offering various membership clubs to users of e-commerce sites. Typically, when a user of an e-commerce site completed an online purchase, that user would be re-directed to join a membership discount club for promotions, rebates, and the like. The user never had to re-enter his or her credit card, because the card information was passed off (“data pass”) from the e-commerce site where the user just completed a transaction. Many users apparently did not understand that their credit cards would be charged, since they did not need to re-enter credit card data at the membership club registration. The clubs then typically offered a free trial period after which the user’s credit card would be charged if they did not cancel the membership. If not cancelled, the club operator placed recurring monthly charges to the user’s credit card. In general, the process of interpreting silence as acceptance or automatically charging the user unless they cancelled is a “negative option” sale.

The law prohibits an initial e-commerce vendor from passing-off a user’s credit card information to a third-party in a post-transaction sale for the purposes of that post-transaction third-party’s sale of goods or services to the user.

The law makes it unlawful for a posttransaction third-party seller to charge or attempt to charge a user’s credit or debit card, bank, or other financial account for an Internet sale, unless the post transaction third-party complies with two prerequisites:

First, before obtaining the consumer’s billing information, the post-transaction third party seller must clearly and conspicuously disclose to the consumer all material terms of the transaction, including: (i) a description of the goods or services being offered; (ii) the fact that the post-transaction third party seller is not affiliated with the initial merchant, which may include disclosure of the name of the posttransaction third party in a manner that clearly differentiates it from the initial merchant; and, (iii) the cost of such goods or services.

Second, the post-transaction third party seller must receive the express informed consent, by affirmative opt-in consent such as checking a box or clicking on a consent button, for the charge from the consumer whose credit card, debit card, bank account, or other financial account will be charged by obtaining from the consumer: (i) the full account number of the account to be charged; and, (ii) the consumer’s name and address and a means to contact the consumer.

The law also makes “negative option” sales illegal unless the seller: (1) provides text that clearly and conspicuously discloses all material terms of the transaction before obtaining the consumer’s billing information; (2) obtains a consumer’s express informed consent before charging the consumer’s credit card, debit card, bank account, or other financial account for products or services through such transaction; and, (3) provides simple mechanisms for a consumer to stop recurring charges from being placed on the consumer’s credit card, debit card, bank account, or other financial account.

The law gives the Federal Trade Commission enforcement authority, and also allows state attorneys general to enforce the law, with the remedies and penalties available under the Federal Trade Commission Act.

There has been some confusion generated in online content about this law. Apparently, some are concerned that the law absolutely prevents any post-transaction up-selling, even if it were done by the first-party website where the user made the initial purchase.

However, the law defines a “post-transaction third party seller’’ as one who: (A) sells, or offers for sale, any good or service on the Internet; (B) solicits the purchase of such goods or services on the Internet through an initial merchant after the consumer has initiated a transaction with the initial merchant; and, (C) is not: (i) the initial merchant; (ii) a subsidiary or corporate affiliate of the initial merchant; or, (iii) a successor of an entity described in clause (i) or (ii).

Thus, it seems fairly clear that an “initial merchant” is not prevented from posttransaction marketing, but is clearly prevented from passing the financial data allowing the user’s financial account charging to another entity. Nevertheless, if e-commerce vendors are cross-selling through any non-subsidiary or corporate affiliate strategic alliances, they should ensure that data passes are not improperly made, and the entity to which the user is referred complies with all transparency obligations. All should note the requirements on “negative option” sales.