The lame duck Congress that reconvened following the November elections wasn’t expected to do much, but some legislation got pushed out at the eleventh hour (or perhaps, the one-hundred-and-eleventh hour), including the "Restore Online Confidence Act," S. 3386 (111th Cong., 2d Sess. 2010), sponsored by Sen. John D. Rockefeller, IV. The Act was introduced following a series of reports and hearings that examined so-called data pass marketing practices in Internet transactions, and the issuance of a report. See Office of Oversight and Investigations Majority Staff, Senate Commerce on Commerce, Science and Transportation, "Aggressive Sales Tactics on the Internet and Their Impact on American Consumers," (Staff Report for Chairman Rockefeller Nov. 16, 2009)
Data pass transactions involve offers made by third-party marketers at the conclusion of an transaction between an online merchant and a customer. If the merchant’s customer assents to the third-party marketer’s offer, the customer’s payment information is transferred directly from the merchant to the marketer, without further input of that data by the customer. In some cases, the offers entail enrollment in subscription discount programs requiring continuous payments, generically referred to as "web loyalty programs." According to the Act’s findings and declaration of policy: "Because third party sellers acquired consumers’ billing information from the initial merchant through `data pass’, millions of consumers were unaware they had been enrolled in membership clubs."
In addition to the Congressional hearings, data pass marketing was challenged in a series of class action complaints and in consumer fraud investigations by the New York State Attorney General. The NY AG investigations were settled with payments totaling $18.5 million obtained not only from the third-party marketing companies involved, but also from the online merchants who partnered with the marketing companies that made the offers.(See NY AG press releases here and here.)
The new federal Act addresses both the provision of consumer information by online merchants to third-party marketers, and the use of consumer information by such marketers.
The Act flatly prohibits the passing of customer payment data from an online merchant to a third-party marketer, referred to in the Act as a "post-transaction third party seller," a defined term. The Act makes it unlawful for an online merchant, i.e., an "initial merchant," to provide "credit card, debit card, bank account, or other financial account number, or to disclose other billing information that is used to charge a customer of the initial merchant, to any post-transaction third party seller for use in an Internet-based sale of any goods or services from that post-transaction third party seller."
The Act also makes it unlawful for a post-transaction third party seller to charge or attempt to charge a consumer’s financial account unless a description of the goods and services and their cost has been provided to the consumer, as well as a statement that the seller is not affiliated with the initial merchant "in a manner that clearly differentiates the post-transaction third party seller from the initial merchant." The seller must also obtain the "express informed consent" of the consumer in order to charge a consumer’s financial account. Such consent is defined as obtaining the customer’s name, address and contact information, and the "full account number of the account to be charged," as well as "requiring the consumer to perform an additional affirmative action, such as clicking on a confirmation button or checking a box that indicates the consumer’s consent to be charged the amount disclosed."
The Act additionally addresses the subject of negative option marketing in online transactions, referring to the definition in FTC Telemarketing Sales Rule, i.e., "in an offer or agreement to sell or provide any goods or services, a provision under which the customer’s silence or failure to take an affirmative action to reject goods or services or to cancel the agreement is interpreted by the seller as acceptance of the offer." (See 16 C.F.R. 310.2(f) defining "negative option feature"). Charging a consumer for goods or services sold in a transaction "effected on the Internet" using a "negative option feature" is prohibited unless three criteria are met: (1) all material terms are "clearly and conspicuously disclosed" before the consumer’s billing information is obtained; (2) the consumer’s "express informed consent" is obtained before charging the consumer’s financial account; and (3) a "simple mechanism" is provided for the consumer to stop any recurring charges on the account. This provision is not limited to third-party post-transaction offers, it should be noted.
The Act does not provide a civil right of action to individuals. The FTC and state attorneys general are given civil enforcement authority.
Online retailers should review their relationships with third-party marketers who fall under the scope of the Act and make certain that they are in compliance with the Act.
The bill was signed into law by the President on December 29, 2010. Pub. Law No: 111-345 (2010). It is effective immediately. The text of the enrolled bill is available here.