Over the past several years, state legislatures have become more aggressive in passing laws to protect consumers’ digital rights. The promulgation of state data security and privacy laws, such as the California Consumer Privacy Act, is a prime example of this trend. Another less publicized example of state oversight of online activities is legislation regulating automatic renewals, which have become very common and present new and little appreciated regulatory and litigation risks. Here’s a quick primer on these laws.
As background, automatic renewals refer to the business practice of subscribing a customer to receive a product or service and billing customers periodically for products and services without needing to obtain their express consent before each charge. Automatic renewals can benefit both customers and businesses; customers enjoy having their favorite products or services delivered to them automatically and businesses benefit from steady delivery of their products and services. On the other hand, regulators remain concerned that these automatic renewals can be misused by online retailers, publications and service providers, who may not always provide consumers with adequate disclosures or provide an easy mechanism to cancel their subscriptions before being charged again.
On the federal level, internet-based automatic renewals are regulated by the Federal Trade Commission (FTC) under the Restore Online Shoppers’ Confidence Act (ROSCA). This law requires clear disclosures of material terms, informed consent before obtaining financial information to process a purchase, and a simple mechanism to cancel the charges. Violations of ROSCA are categorized as unfair or deceptive acts or practices under the Federal Trade Commission Act. The FTC has become more aggressive in policing ROSCA, recently settling charges against Hardwire Interactive Inc. for $3,000,000.
On the state level, 26 states have implemented some form of automatic renewal laws. States that recently adopted these laws include California in 2018, and Vermont, Virginia, Washington, D.C. and North Dakota, in 2019. The North Dakota law is the most recent and provides a private cause of action for consumers injured by illegal renewals. Virginia also provides a private right of action for injured consumers.
In California, the law requires disclosures to customers for automatic renewals, free gifts, and trials as well as to offer a way for customers to cancel their subscriptions online. Vermont’s automatic renewal law requires that in addition to accepting the contract, the customer must also take affirmative action to opt into automatic renewal provisions of the contract. In Virginia, businesses must obtain a customer’s affirmative consent to the automatic renewal terms prior to charging the customer. In D.C., customers need to opt into the subscription after the end of their free trial, requiring the business to go back to the customer and ask for their consent.
These laws require businesses to restructure the way their current automatic renewal processes work. Businesses must take into account the additional consent requirements and update their systems so that customers are not automatically billed until the business receives all the opt ins required to process the transaction. Also, because most businesses conduct business in more than one state, the automatic renewal process needs to be compliant for every state in which the business operates.
The state laws also provide regulatory penalties for non-compliance. In October 2018, Spark Networks, the parent company of dating websites JDate and Christian Mingle, settled an enforcement claim brought by the California Attorney General for $1,500,000 for automatic renewal violations. In addition to fines, some states give customers additional rights regarding automatic renewals conducted in violation of the law. In California, if the business sends a product without following the requirements of the law, the customer may keep the product as an unconditional gift.
We are in the midst of a period of increased regulatory scrutiny of businesses’ online activities. If your business uses automatic renewals to deliver products and services to customers, you should consider reviewing your practices to ensure compliance with these new laws.