Noah Cothern, Contributing Member 2023-2024
Intellectual Property and Computer Law Journal
I. Introduction
Over 268 million Americans shopped online in 2023 – a figure representing roughly 70 percent of the U.S. population.[1] Despite the many conveniences that online shopping provides, it is not without its problems. From the perspective of the Federal Trade Commission [“FTC”], certain common online business practices known as “negative option marketing” and “data passing” have become common sources of consumer harm.[2] In light of this, Congress in 2010 passed the Restore Online Shoppers’ Confidence Act [“ROSCA”] which regulates negative option marketing and data passing by making both illegal without adequate disclosure and informed consent.[3] In the years since it passed, ROSCA has proved to be a powerful consumer protection statute. As of mid-2023, the FTC has brought 32 different ROSCA enforcement actions against various online retailers including prominent companies such as Match Group and Amazon.[4]
This article examines how ROSCA regulates online retailers. Part II of this article gives background information on the harm that ROSCA aims to prevent. Part III examines the statutory text and gives compliance measures on how online retailers can comply with ROSCA by following disclosure requirements, obtaining verifiable informed consent, and providing simplified cancellation mechanisms.
II. Background
ROSCA begins with the findings of the Senate Committee on Commerce, Science, and Transportation. The Committee noted that consumer confidence is the essential driver of the continued growth of online commerce.[5] However, this confidence was damaged by the “aggressive sales tactics” that many companies employed against their online consumers.[6] To remedy this problem, two distinct practices were regulated: data passing and negative option marketing.
What is Data Passing?
Data passing is a process whereby an online retailer shares a consumer’s billing information, including banking information, with a third-party seller in exchange for sums of money known as “bounties.”[7] These third parties include offers to consumers to join club memberships as the consumers complete their transaction on the original retailer’s website.[8] These offers are intended to make consumers believe that the offers were included with the initial purchase.[9] The result is that third-party sellers would charge consumers without ever needing to acquire the consumer’s billing information directly.[10] Because of this indirect data passing of billing information, consumers were unaware they were enrolled in an entirely separate transaction.[11]
What is Negative Option Marketing?
Negative option marketing is a process whereby an online retailer uses consumer inaction as consent to justify charges.[12] The practice – in its problematic form – follows a typical path. First, retailers offer consumers a “risk-free” trial for their products with undisclosed fees if the consumers fail to cancel the trial in time.[13] Consumers are then automatically enrolled in a shipment program that sends unordered merchandise and bombarded with confusing upsells.[14] Lastly, the cancellation procedure is needlessly complex and often intentionally ineffective.[15] This process takes advantage of consumers expectation that the consumer would have the opportunity to continue or decline the membership after the trial period ended.[16]
III. Discussion
With the problems laid bare, ROSCA provides guidance on how online retailers can avoid incurring liability. This fundamentally comes down to issues of disclosure, consent, and cancellation.
Data Pass Compliance
A post-transaction third party may charge a consumer’s billing information only after the third party has “disclosed to the consumer all material terms of the transaction.”[17] All “material terms” of a transaction include (1) a description of the goods or services being offered;[18] (2) “the fact that the third party seller is not affiliated with” the initial online retailer such that the consumer knows that the consumer’s billing information would be passed along to a new retailer;[19] and (3) the costs of such goods and services.[20] Additional insight on what constitutes “material terms” can be gathered from precedent under the analogous Section 5 of the FTC Act.[21] This includes deadlines by which the consumer must act to stop charges, the date each charge will be submitted for payment, and all information necessary to cancel the contract.[22]
Disclosures must also be “clear and conspicuous.”[23] Third-party sellers may be tempted to include disclosures in a lengthy term of service agreement because the overwhelming majority of Americans do not read such agreements before accepting.[24] However, including such disclosures in lengthy terms of service agreements does not satisfy the FTC disclosure standards.[25] Additionally, disclosures must be written in “diction and syntax understandable to ordinary consumers.”[26] Thus, the technical legal jargon typically used to draft commercial paperwork must be translated to ordinary parlance. Indeed, the first case ever brought by the FTC under ROSCA was against Health Formulas LLC, which placed its disclosures in a 10-page legal terms and conditions page that was accessible only through obscure hyperlinks.[27]
After providing adequate disclosures, the post-transaction third party must receive “the express informed consent for the charge.”[28] Under ROSCA, informed consent can only be obtained by obtaining from the consumer the full account number of the account to be charged, and the consumer’s name, address, and contact information.[29] In addition, the consumer must perform an additional affirmative action that indicates the consumer’s consent to be charged.[30] This typically takes the form of a confirmation box that the consumer must click on.[31]
ROSCA effectively ends data passing as it existed previously and transforms it into a type of referral system. Third-party sellers may still negotiate with online retailers to have their products presented and referred to consumers as those consumers check out on the initial retailer’s website. However, those third parties may no longer rely on uncertainty and deception to anchor their sales.
Negative Option Marketing Compliance
The requirements for negative option marketing are similar to those for data passing. The online retailer must provide “text that clearly and conspicuously discloses all material terms of the transaction” and obtain “a consumer’s express informed consent” before making a charge.[32] However, in this section of ROSA, “all material terms” and “informed consent” are not explained. Nevertheless, it is a guiding principle of statutory interpretation that a word or phrase is presumed to bear the same meaning throughout a text.[33] Thus, the terms should be interpreted in the same manner as they are in the data passing provision of ROSCA.
Negative options, however, require a third additional step of providing “simple mechanisms for a consumer to stop recurring charges.”[34] These mechanisms must be at least as simple as the method consumers had to use to initial the negative option in the first place.[35] Additionally, the cancellation procedure should not impede a consumer’s attempt to cancel by proposing new offers in an attempt to save the arrangement.[36] Provided that online retailers do not violate these general mandates, ROSCA leaves the specifics of the cancelation procedure up to each retailer to decide. Examples of violations of this requirement include hiring only consumer service representatives who speak one language or offering prerecorded phone messages in only one language.[37] This practice, when combined with a lack of an online cancelation option, makes it virtually impossible for non-native speakers to cancel their subscriptions.[38] Other examples include charging excessive cancelation fees or failing to disclose revocation requirements that could lead consumers subject to additional charges even after cancellation.[39] In one egregious example, a company purposely invalidated the passwords of users and programmed its mobile app to prevent those consumers from successfully resetting their passwords.[40]
IV. Conclusion
The internet is a wild and new frontier when compared to traditional marketplaces like shopping malls and brick-and-mortar retail stores. As a result, fraudulent methods of commerce like data passing and negative option marking have the potential to flourish. By enacting ROSCA, the FTC has taken a leap forward in making the internet a more consumer-friendly environment. Online operators must caution themselves to take compliance seriously by focusing on adequate disclosure and informed consent. Those who run afoul of this new environment set by ROSCA risk costly liability.[41]
[1] Maryia Fokina, Online Shopping Statistics: Ecommerce Trends for 2023, Tidio, https://www.tidio.com/blog/online-shopping-statistics/ (last updated Jan. 23, 2024).
[2] Lesley Fair, Recipe for a ROSCA Violation, Federal Trade Commission, (Mar. 9, 2019) https://www.ftc.gov/business-guidance/blog/2019/03/recipe-rosca-violation.
[3] Restore Online Shoppers’ Confidence Act, Federal Trade Commission, https://www.ftc.gov/legal-library/browse/statutes/restore-online-shoppers-confidence-act (last visited Feb. 12, 2024).
[4] FTC’s ROSCA Actions, Truth in Advertising, https://truthinadvertising.org/articles/ftcs-rosca-actions/ (last updated June 27, 2023).
[5] 15 U.S.C. § 8401(2).
[6] 15 U.S.C. § 8401(3).
[7] 15 U.S.C. §8401(4).
[8] 15 U.S.C. §8401(5).
[9] Id.
[10]15 U.S.C. § 8401(6).
[11] Id.
[12] Lesley Fair, supra, note 2.
[13] Id.
[14] Id.
[15] Id.
[16] 15 U.S.C. §8401(8).
[17] 15 U.S.C. §8402(a)(1).
[18] 15 U.S.C. §8402(a)(1)(A).
[19] 15 U.S.C. §8402(a)(1)(B).
[20] 15 U.S.C. §8402(a)(1)(C).
[21] Enforcement Policy Statement Regarding Negative Option Marketing, 86 Fed. Reg. 60822, 60825 (Nov. 4, 2021).
[22] Id.
[23]15 U.S.C. §8402(a)(1).
[24] Caroline Cakebread, You’re Not Alone, No One Reads Terms of Service Agreements, BUSINESS INSIDER, (Nov. 15, 2017 7:30 AM) https://www.businessinsider.com/deloitte-study-91-percent-agree-terms-of-service-without-reading-2017-11.
[25] See Enforcement Policy Statement Regarding Negative Option Marketing, supra, note 21.
[26] Id.
[27] FTC Brings First ROSCA Case Challenging Deceptive Free Product Offers, WINSTON & STRAWN, (Nov. 14, 2014) https://www.winston.com/en/blogs-and-podcasts/privacy-law-corner/ftc-brings-first-rosca-case-challenging-deceptive-free-product-1.
[28] 15 U.S.C. §8402(a)(2).
[29] 15 U.S.C. §8402(a)(2)(A)(i); 15 U.S.C. §8402(a)(2)(A)(ii).
[30] 15 U.S.C. §8402(a)(2)(B).
[31] Id.
[32] 15 U.S.C. § 8403(1); 15 U.S.C. § 8403(2).
[33] See, Bryan A. Garner and Antonin Scalia, A Dozen Canons of Statutory and Constitutional Text Construction, Judicature, https://judicature.duke.edu/articles/a-dozen-canons-of-statutory-and-constitutional-text-construction/ (last visited Feb. 12, 2024).
[34] 15 U.S.C. § 8403(3).
[35] Enforcement Policy Statement Regarding Negative Option Marketing, supra, note 21.
[36] Id.
[37] Lesley Fair, supra, note 2.
[38] Id.
[39] Brian Turetsky, FTC Settles Section 5/ROSCA Claims Alleged Against Payment Processor Providing Services to Small Businesses, Ballard Spahr, (Aug. 3, 2022) https://www.consumerfinancemonitor.com/2022/08/03/ftc-settles-section-5-rosca-claims-alleged-against-payment-processor-providing-services-to-small-businesses/.
[40] Kathleen Benway, Robert H. Poole II, Consumer Protection/FTC Advisory: ROSCA: The FTC’s New Path to Monetary Damages?, Alston & Bird, (June 24, 2021) https://www.alston.com/en/insights/publications/2021/06/rosca-the-ftcs-new-path.
[41] See Yaron Dori, FTC Flexes ROSCA Muscle With $100 Million “Dark Patterns” Settlement with Vonage, Covington and Burling LLP, (Nov. 14, 2022) https://www.insideprivacy.com/advertising-marketing/%EF%BF%BCftc-flexes-rosca-muscle-with-100-million-dark-patterns-settlement-with-vonage/
The University of Cincinnati Intellectual Property and Computer Law Journal 
Leave a comment