Financial Incentive Programs: Your Coupon May Require Extra Calculations Under the CCPA
The California Consumer Privacy Act (CCPA) went into effect January 1, 2020 and Attorney General enforcement began July 1, 2020.
Background
Among the various changes the new law has required for covered entities, one that has received less attention involves requirements tied to “financial incentives,” which the CCPA defines as a “program, benefit, or other offering, including payments to consumers, related to the collection, retention, or sale of personal information.” These often arise where a consumer is asked to provide, for example, their e-mail address to get access to discounts on a website. Notably, the CCPA has laid out specific requirements for companies engaging in such offers.
Requirements Surrounding Financial Incentives
While every shopper loves a good deal and many may readily hand over personal information for a discount, companies subject to the CCPA must be mindful of the legal implications of such an exchange. When offering financial incentive for the exchange of personal information, a company must consider a few steps.
Step 1. Data Valuation. Given that the CCPA requires a correlation between the incentive offered and the data received, it is important that a company first conduct an analysis to determine the value of the consumer’s data exchanged for the financial incentive or price or service difference. A reasonable, good-faith estimate must form the basis for offering the financial incentive or price or service difference, the calculation method must be documented, and a description of the method used to calculate the value of the data must be included in the notice to consumers. When calculating the value of the consumer data, businesses are instructed to consider the following factors:
- Value of data to business. The marginal value and average value to the business of the sale, collection, or deletion of a consumer’s data;
- Aggregate average value. The aggregate value to the business of the sale, collection, or deletion of consumers’ data divided by the total number of consumers;
- Revenue generation. Revenue generated by the business from sale, collection, or retention of consumers’ data;
- Expenses tied to data. Expenses related to the sale, collection, or retention of consumers’ personal information;
- Expenses tied to offer. Expenses related to the offer, provision, or imposition of any financial incentive or price or service difference;
- Profits. Profit generated by the business from sale, collection, or retention of consumers’ personal information; and
- Other. Any other practical and reasonably reliable method of calculation.
Step 2. Provide Notice. Before offering a financial incentive or price or service different in exchange for the collection, retention, or sale of personal information, provide notice so consumers may make informed decisions on whether to participate. Such notice must include a few items, including:
- A summary of the financial incentive;
- Description of material terms, including the categories of personal information that are implicated and the value of the data;
- Opt-out instructions;
- A statement that the consumer has the right to withdraw at any time, as well as instructions on how to exercise that right; and
- An explanation of how the financial incentive or price or service difference is reasonably related to the value of the consumer’s data (i.e., explain rationale used at Step 1).
Step 3. Avoid Discriminatory Practices for Non-Participants. Review the financial incentive or price or service difference to ensure that it is not discriminatory. A business is not allowed to treat a consumer differently (i.e., discriminate) because the consumer exercised a right conferred by the CCPA, such as the Right to Opt-out. This means that if a consumer withdraws consent (e.g., unsubscribes from e-mail or submits an “opt-out” request), the business must not charge a different price or rate, or provide a different level of goods or services, that go beyond the value that the opted-out information provided. In other words, businesses may charge the full price, if the discount offered was reasonably related to the value provided to the business by the data requested. Additionally, a full price may not be unreasonably marked up or altered for participants or non-participants in the incentive offering. In short, businesses may not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature.
To further explain this point, the Attorney General’s Regulations provide some helpful examples as they relate to deletion requests and non-discrimination, including:
Scenario 1. If a consumer submits a request to delete but also wants to continue participation in a loyalty program, the business may deny the request to delete because the consumer’s information is required in order to provide the loyalty program.
Scenario 2. On the other hand, if a consumer submits a request to delete and stops receiving discounts through browser pop-up windows, this is discriminatory unless the value of the discounts are reasonably related to the value provided to the business by the data.
The difference between the two scenarios is that the personal information is necessary to provide a loyalty program in Scenario 1. In Scenario 2, the personal information is not necessary to provide browser pop-up discounts, and the value of the personal information is not clearly related to the discount.
Contacts
- Related Practices