Hey Marketers: Your Loyalty Program Can Make Your Data Privacy Team Happy

Andy Dale Jan 22, 2020

In January of 2020, the California Consumer Privacy Act (“CCPA”), a landmark US data privacy law takes effect. This data privacy law establishes a set of consumer protections, among them, the ability to request that a business stop processing or selling their personal information to third parties. The CCPA is in many ways, a US data privacy “floor” because so many businesses process consumer data of California residents and are subject to the CCPA. As many businesses did with new consumer rights under the GDPR, most companies  provide the new rights to all people, not strictly to Californians.

The CCPA is still being adjusted and a key amendment passed on July 11th, during a late-night hearing in Sacramento. The California Senate Judiciary Committee approved AB 846 which clarifies a provision of the CCPA that bars businesses from discriminating against consumers if a consumer has exercised all or some of their rights under the CCPA. A business may offer a “different price, rate, level, or quality of goods or services to a consumer if the differential treatment is reasonably related to value provided to the consumer by the consumer’s data”.

AB 846 clarifies that a business can offer a consumer loyalty program and such program will not be considered to be favoring a consumer who has allowed data access versus those who have not or those who have withdrawn their permission, thereby acknowledging that personal information is required to operate loyalty programs. AB 846 also clarifies that a business cannot sell (or share) the personal information of participants collected as part of a loyalty program.

Here’s why this matters so much for marketers: A loyalty program is a strong, practical way to obtain marketing consent under the CPPA and other data privacy laws. Via a loyalty program, a brand can engage consumers in a clear value exchange of data for program benefits. In other words, excited brand engagement in exchange for value and rewards. Where this gets tricky is the data sharing restrictions noted above. A business can share data with “Service Providers” under the CCPA without having to honor “Do Not Sell” requests because that transfer is not a “sale” when transferred to a Service Provider. The Service Provider in turn cannot use the consumer personal information for its own purposes, sell it or monetize it.  This is one of the key CCPA requirements in order to be deemed a Service Provider. SessionM for instance, is a Service Provider and does not use personal information for its own purposes – but only as directed by our brand customers. 

In sum, AB 846 has clarified that if a brand uses a CCPA defined Service Provider to power its loyalty program, the brand can collect personal information in an above-board and honest exchange with consumers and can leverage that personal information to provide the consumer with tailored offers, messaging, and engagement. Don’t have a loyalty program yet? Now might be the time.