Last month, the Federal Trade Commission brought a pair of actions under the Restore Online Shoppers’ Confidence Act (“ROSCA”) – the first of their kind.

ROSCA Generally

ROSCA (15 U.S.C. 8401 et seq.) was signed into law just before the end of 2010. In general, the law regulates two types of online transaction: sales using a negative option feature and sales by a third party to a consumer immediately following a transaction between that consumer and an “initial merchant” – defined for these purposes as a “person that has obtained a consumer’s billing information directly from the consumer through an Internet transaction initiated by the consumer.” 15 U.S.C. §8402(d)(1).

Post-Transaction Third-Party Sellers and Data Pass

One major concern of ROSCA are transactions in which a consumer makes a purchase from an initial merchant and the initial merchant then – in an act known as “data pass” – transmits the consumer’s payment information to a third party, enabling the third party to sell the consumer an additional product or service with minimal additional consumer input.  Prior to ROSCA, the fluidity of the data pass and (in many cases) seemingly deliberate subterfuge by the initial and third-party merchants made it such that the terms – or even existence – of these post-transaction, secondary sales may not have been immediately clear to the purchasers.

To address this, ROSCA does two things. First, it prohibits data pass.  Pursuant to ROSCA, the initial merchant cannot disclose a payment card, bank account, or other financial account number to a post-transaction third-party seller for use in any sale by the third-party seller.  For these purposes, a “post-transaction third party seller” is, generally, any seller that solicits a secondary sale to a consumer through the initial merchant (and is not a subsidiary, affiliate, or successor of the initial merchant).  Second, ROSCA requires that the third-party seller make certain clear and conspicuous disclosures about itself and the goods or services it is offering prior to collecting the consumer’s payment information and that the seller get the consumer’s express, informed consent prior to charging him or her.

Negative Option Features

The other major provision of ROSCA regulates use of negative option features in online sales.  The definition of “negative option feature” is taken from the FTC’s Telemarketing Sales Rule (16 C.F.R. 310), under which the term means: “in an offer or agreement to sell or provide any goods or services, a provision under which the customer’s silence or failure to take an affirmative action to reject goods or services or to cancel the agreement is interpreted by the seller as acceptance of the offer.”  There are many kinds of negative option features, including automatic-renewal service subscriptions (like those offered by the many online services that utilize recurring, month-to-month subscriptions), continuity plans (where the consumer periodically receives a new shipment of goods until they cancel the agreement), and prenotification negative option plans for the sale of goods (like those offered (in a bygone era) by monthly cassette and CD clubs). [Note that the FTC has its own rule that specifically address prenotification negative option plans for the sale of goods, available here.]

ROSCA generally prohibits use of a negative option feature in online sales unless the seller clearly and conspicuously discloses all material terms of the sale before collecting billing information from the consumer, obtains the consumer’s express informed consent before charging him or her, and provides a simple mechanism to stop recurring charges.

ROSCA empowers both the FTC and state Attorneys General to enforce it.  For violations enforced by the FTC, the penalty is the same as for other violations of the FTC Act: up to $16,000 per violation.

The FTC’s October 2014 ROSCA Actions

In its first ROSCA action, the FTC secured a temporary restraining order against Chapnick, Smukler & Chapnick, Inc. of California and a host of related defendants based on advertising and sales practices for a number of the defendants’ health products. The facts of the complaint are complex and the FTC alleges that the defendants collectively engaged in a litany of deceptive and unlawful practices in violation of the FTC Act, the Electronic Funds Transfer Act, and the FTC’s Telemarketing Sales Rule.  Among the other charges, the FTC alleges that the defendants violated ROSCA by using free-trial and buy-one-get-one offers as bait to enroll consumers in a negative option sales program while failing to disclose the program’s material terms and get consent prior to the initial sale and failing to provide a simple mechanism to stop the recurring charges, each as required under ROSCA. The FTC was awarded a temporary restraining order on October 9th and is currently seeking a permanent injunction in Nevada federal court.

In the second action, the FTC reached a settlement with online dating service JDI Dating, Limited and its owner, William Mark Thomas.  JDI operates a collection of 18 dating websites.  In its complaint, the FTC alleged that JDI violated § 5 of the FTC Act by sending newly registered users communications that appeared to come from other romantically interested users.  In reality, these communications were automated messages sent by the company in an effort to entice the new user to upgrade to a paid membership.  The FTC also alleged that JDI violated ROSCA by enrolling subscribers to its service in an automatic-renewal subscription program without clearly disclosing the existence of the automatic-renewal provision or the program’s other material terms and without offering a simple method to discontinue the subscription.

These cases involve many deceptive practices that business owners would be wise to avoid. However, as they are the first actions brought by the FTC pursuant to its authority under ROSCA, they are more noteworthy for their general precedent than their specific facts. In both actions, the FTC relied on ROSCA’s negative-option provisions and – given the overwhelming prevalence of online services that offer auto-renewal, negative-option subscription plans – we expect to see similar actions in the future.  In particular, we anticipate that the FTC may use ROSCA claims (as it did here) to shore up actions where it is also claiming that the defendant has engaged in unrelated deceptive practices in violation of § 5 of the FTC Act.  If you are an online merchant and you utilize a negative option feature, now would be a good time to review your enrollment and cancellation procedures and confirm that you are fully compliant with ROSCA.