California AG Warns Businesses Operating Loyalty Programs of CCPA Violations

California AG Warns Businesses Operating Loyalty Programs of CCPA Violations

On January 28th, National Data Privacy Day, California Attorney General Rob Bonta announced that his office had notified several businesses operating loyalty programs in California about alleged noncompliance with the California Consumer Privacy Act (CCPA).

The CCPA allows businesses to offer financial incentives in exchange for collecting, selling, or sharing personal information with the consumer’s consent. Businesses that offer a financial incentive program, like certain loyalty programs, must provide readily accessible notice that clearly describes the material terms of the program, how the consumer can opt in and opt out, and how the value of the incentive provided is reasonably related to the value of the consumer’s data to the business. Importantly, the financial incentive regulations apply to data collected online and offline, as made apparent by the Attorney General.

The warning letters were sent to major corporations in the retail, home improvement, travel, and food and services industries. The notices allege the businesses failed to provide a notice of financial incentive to customers that opt into their loyalty program as required by the CCPA. Under the CCPA, businesses that receive notice of a violation have 30 days to cure the violation; however, the right to a cure period will go away when the California Privacy Rights Act (CPRA) becomes effective January 1, 2023.

The CCPA’s impact on loyalty programs is continuing to evolve. Last year, the Attorney General sent notices of alleged CCPA noncompliance related to financial incentive programs to a couple of businesses, including a grocery chain that offered a loyalty program but did not provide notice of financial incentive to consumers participating in the program. The grocery chain amended its privacy policy to include such notice within the cure period.

This enforcement activity regarding financial incentives indicates the importance the California Attorney General is placing on how businesses collect and use customer data in connection with such programs. Businesses offering loyalty programs or other incentives in connection with the collection or use of consumer data, even as simple as offering a discount in exchange for a consumer signing up to receive emails, should work with counsel to evaluate the programs and provide any necessary disclosures.

*Aaron Parry contributed to this post

A Partner at M&S, Josh advises clients on a range of proactive and responsive matters, helping them achieve their business goals while complying with federal and state privacy and other consumer protection laws.

1200 798 Josh Stevens
Share This Post:
Start Typing
Skip to content