Client Alert

California AG Issues Notices of Violations: Will We Soon Have Guidance on Loyalty Programs Under the CCPA?

31 Jan 2022

In an action that may eventually lead to clarification around what constitutes a “financial incentive” for purposes of the California Consumer Privacy Act (CCPA), Attorney General Rob Bonta announced on January 28, 2022 that his office (the AG) was beginning an “investigative sweep” pursuant to the CCPA. The AG identified its focus on businesses operating customer loyalty programs in California and those businesses’ compliance with the CCPA’s notice requirements relating to financial incentives. In its press release, the AG indicated that it had sent letters to “major corporations” across industry sectors, including retail, home improvement, travel, and food services. These letters alleged the recipients’ non-compliance with the CCPA and provided a 30-day period for companies to cure existing issues and come into compliance with the law.

The announcement made clear that the AG believes that at least some consumer loyalty programs fall squarely within the CCPA and related regulations and that the CCPA applies with equal force to both online and “brick and mortar” transactions. Attorney General Bonta cited examples of providing a “phone number for a discount at the supermarket” or using “rewards for a free coffee at our local coffee shop” as the type of loyalty programs that require notices to be issued under the CCPA. He also referred to businesses’ finding “new ways to profit” from consumers’ personal information. What is not yet clear is whether the AG deems any loyalty program a financial incentive, or whether a loyalty program or similar offering is a financial incentive only if a participating consumer is foreclosed from exercising his or her rights under the CCPA, such as the right to opt out of the sale of his or her personal data or the right to request its deletion.

Where businesses offer financial incentives, such as discounts or free items, to their customers as part of covered loyalty programs in exchange for personal information, the CCPA requires that those businesses provide consumers with a notice relating to those financial incentives. This notice must include, among other things, a clear description of the incentives the program offers, the type of personal information the program is requesting, and the consumer’s right to opt out of the program. Failure to comply with this notice requirement places the company in violation of the CCPA and may subject the violator to civil penalties.

The AG’s press release noted that its actions were just a piece of a larger set of enforcement actions that the office had taken since it began enforcing the CCPA’s notice requirements in July 2020. Businesses operating customer loyalty programs in California should be sure to review the AG’s guidance on the CCPA and reach out to counsel if they remain unsure of the obligations under that law.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.