CCPA Regulation Update: Managing a New Era of Loyalty Programs
In part three of our breakdown of the California Attorney General’s proposed regulations, we want to address a key point of issue in the California Consumer Privacy Act (“CCPA”): loyalty programs. Loyalty or "reward" programs are a specifically mentioned subject within the CCPA. Furthermore, when the CCPA was initially passed, it was the cause of some commotion as to whether or not these loyalty programs would still exist, since they typically require that a business collect personal information about customers in order to provide customers a benefit. This could include anything from offering the consumers discounts, faster service, or a financial incentive (i.e. coupons). So, how does the CCPA apply to a loyalty program? Do these programs need to change? How can a business continue to provide tailored content, goods and services to their consumers?
The CCPA and Regulations on Loyalty Programs
To comply with the CCPA, loyalty programs must be non-discriminatory. Essentially, a business cannot implement a loyalty program or incur a price or service difference unless the differences are due to the value of that information. A good example of this is in the proposed regulations, where an online retailer cannot stop providing periodic coupons to consumers after a request for deletion unless it can demonstrate that the value of the coupons is reasonably related to the value of the information.
Thankfully, the proposed regulations have also discussed how data can be valued, which includes the revenue of the business from the retention of consumer information, the profit generated from retention, and any other practical and reasonably reliable method of calculation used in good faith. In addition, this calculation can be extended to the entire U.S. for simplicity, rather than isolating only transactions involving a California resident.
As an aside, for any "premium" programs, where better financial incentives or services may be provided for an additional cost, the new proposed regulations specified that these "premium" programs cannot have separate opt-out rights, when compared to programs that do not include an additional cost - as such actions would be discriminatory unless the company can explain how the additional cost is related to the value of that consumer's information.
Notice of Loyalty Programs
- A summary of the program (i.e. what incentives exist for the consumer?)
- A description of the material terms, including what information is at play for the program.
- How the consumer can opt-in to receive incentives.
- A statement of their right to withdraw at any time.
- An explanation as to how the program is related to the value of their data (i.e. repeat sales adding profit or revenue).
Finally, it should be noted that under the proposed guidelines, the existence of a loyalty program does create another opportunity for businesses to refuse complying with a consumer's requests, as they cannot simultaneously allow a customer to demand the deletion of information while continuing to provide them services associated with the loyalty program.
How to Comply?
Newmeyer Dillion has created a 90 day CCPA compliance program (which can be expedited to 60 days) where our team will collaborate with you to determine a scalable, practical, and reasonable way for you to meet your needs, and we will provide a free initial consultation. Contact us for more information.