A Penny for Your Thoughts or a Penny Off for Your Personal Data: Financial Incentive and Loyalty Rewards Under California Privacy Law

On January 28, 2022 (Data Privacy Day), California Attorney General Rob Bonta announced “an investigative sweep of a number of businesses operating loyalty programs in California and sent notices alleging non-compliance with the California Consumer Privacy Act (CCPA).” The investigative sweep included letters being sent “to major corporations in retail, home improvement, travel, and food services industries.”

The likelihood of enforcement against non-compliant financial incentive programs was previously highlighted in California Attorney General Rob Bonta’s First-Year Enforcement Update (released July 19, 2021), which provides examples of notices of non-compliance given to businesses. The illustrative examples signal a focus on privacy notices, including notices of financial incentives, and on responding to consumer requests.

At that time, the CCPA had a thirty-day cure period that allowed businesses to correct non-compliance issues. Of the businesses that received a notice, 75% acted swiftly to come into compliance within the thirty-day statutory cure period. However, this cure period expired on January 1, 2023, and businesses that are subject to the CCPA will be faced with enforcement actions and penalties without an opportunity to cure.

Under the CCPA, a “financial incentive” is a program, benefit, or other offering (including payments to consumers) related to the collection, retention, or sale of personal information. In other words, it is an incentive whereby a business gives an individual a discount or reward in exchange for the individual’s personal information. As of January 1, 2023, we are seeing more financial incentive notices; however, there are still many businesses that are not complying with the CCPA’s financial incentive notice obligations.

Who is Required to Provide a Notice of Financial Incentive?

Under the CCPA, a business that offers financial incentives in exchange for personal information must provide consumers with a notice of financial incentive. In other words, if a business provides a difference in price or service in exchange for personal information (e.g., signing up for a newsletter or a loyalty rewards program), the business must provide notice, and the consumer must choose to opt in before the business collects the additional personal information.

Why is a Notice of Financial Incentive Required?

As a fundamental matter, the CCPA prohibits businesses from discriminating against an individual if the individual exercises any rights under the CCPA (e.g., to not have their data sold or to opt out of marketing). While financial incentives are essentially discriminatory because they provide a difference in price or service in exchange for personal information, the CCPA provides a narrow exception if the financial incentive is properly administered. The CCPA allows businesses to offer such financial incentive programs to consumers if the financial incentive is reasonably related to the value of the consumer’s personal information. That value must be included in the notice of financial incentive and involves a detailed calculation.

What are the Notice of Financial Incentive Requirements?

A business that provides a financial incentive program must provide a notice of financial incentive that includes:

  • A succinct summary of the financial incentive or price or service difference offered
  • A description of the material terms of the financial incentive program
  • How the consumer can opt-in to the financial incentive program (separately from a standard terms of use or similar document)
  • A statement of the consumer’s right to withdraw from the financial incentive at any time and how the consumer may exercise that right; and
  • An explanation of how the financial incentive or price or service difference is reasonably related to the value of the consumer’s data to the business.

The notice of financial incentive must also be designed and presented in a way that is easy to read and understandable to consumers, which includes: (1) using plain, straightforward language; (2) using a format that draws attention to the notice, including on smaller screens; (3) being available in the language in which the business ordinarily provides its contracts, disclaimers, and other notices to consumers in California; and (4) being reasonably accessible to consumers with disabilities.

To highlight the calculation of the price or service difference mentioned above, a business must provide: (1) A good-faith estimate of the value of the consumer’s data that forms the basis for offering the financial incentive or price or service difference; and (2) A description of the method the business used to calculate the value of the consumer’s data. Without such disclosure, a financial incentive program would not be in compliance with CCPA and, if offered to consumers, could lead to enforcement actions and fines.

How to Provide a Notice of Financial Incentive Programs?

If the business offers its financial incentive or price or service difference online, the notice of financial incentive may be given by providing a link to the section of the business’s privacy policy that contains the notice of financial incentive requirements. Alternatively, the business may set up a page separate from the privacy policy, but the notice must be provided to the consumer prior to their opting in to the program.

Penalties for Non-compliance with CCPA’s Notice of Financial Incentive

Businesses that violate the CCPA may be subject to injunctions and civil penalties of $2,500 for each violation and $7,500 for each intentional violation. Businesses that are subject to the CCPA should review their loyalty, discount, and other programs and offers to ensure that they are in compliance with the financial incentive notice requirements.

 For more information, please contact Chiara Portner and Kenny Gutierrez.
