California Attorney General Rob Bonta said he has warned “major corporations” that their loyalty programs run afoul of the state's privacy law, which requires companies offering
financial incentives to disclose key terms before collecting consumers' data.
He stated Friday that warnings were sent to “major corporations in
the retail, home improvement, travel, and food services industries.” Recipients were told they have 30 days to comply with the law's mandates.
The California Consumer Privacy Act, which
took effect in 2020, broadly allows consumers to learn what personal information about them is held by businesses, request deletion of that information, and opt out of its sale.
The bill also
requires companies that offer “financial incentives” for data to notify consumers about all material terms, and obtain their explicit consent. Regulations passed by the attorney general
specify that companies must provide consumers with a “good faith estimate” of the value of their data.
Bonta said Friday that those requirements apply to brick-and-mortar companies
as well as online ones.
“In the digital age, it’s easy to forget that our data isn’t only collected when we go online,” Bonta when he announced the warnings.
“It's collected when we enter our phone number for a discount at the supermarket; when we use rewards for a free coffee at our local coffee shop; and when we earn
points to purchase items at our favorite clothing store.”
The California law itself doesn't define “financial incentives,” and privacy experts have debated
whether loyalty programs are considered financial incentives, according to Daniel Goldberg, a partner at Frankfurt Kurnit Klein & Selz, where he chairs the firm's privacy and data security
group.
But the statement issued Friday indicates that the Attorney General's office believes loyalty programs meet the definition of financial incentives, Goldberg tells MediaPost.
“They've made it very clear that they consider loyalty programs to trigger the financial incentive obligation,” he says.
Goldberg also says some companies don't want their
loyalty programs treated as “financial incentives,” because they treat the value of customer data as proprietary information.
“Many businesses have resisted classifying their
loyalty programs as financial incentives on the basis that how they value their consumer data is a trade secret which they don’t want to publicly disclose,” he wrote in a post on Frankfurt Kurnit's website.