Congress enacted the Restore Online Shoppers’ Confidence Act (“ROSCA”) back in the early 2010s. ROSCA had two main purposes. First, it was intended to protect online consumers and purchasing by banning “payment data passing.” This occurred when merchants sold or passed along consumer payment and billing data without the consent of the consumer. This often happened without even the knowledge of the consumer. Some merchants then used the unauthorized payment and billing data to charge the consumer for other and additional goods or services. Since the consumer was not required to reenter payment and billing information, many consumers were charged and received products that they did not want. All of this has been given the cumbersome name of “internet-based post-transaction third-party sales.” ROSCA bans and prohibits such transactions.

More specifically, ROSCA prohibits the so-called “data pass.” That is, the initial online merchant is not allowed to share or disclose payment/billing data, such as payment card and bank account numbers, to another merchant/third-party seller for use in a sale by said merchant/third-party seller. As another protection, ROSCA provides that if such merchant/third-party seller wants to attempt a sale, then it cannot obtain the “data pass” without providing various notices and obtaining express consent from the consumer.

Since the enactment of ROSCA, several States have enacted their own consumer data privacy and protection statutes. One of the most famous is the California Consumer Protection Act which has been amended and strengthened in recent years. As another example, the state of Indiana has recently passed its own consumer data privacy/protection statute called the Indiana Consumer Data Protection Act (“ICDPA”). All of these state-level statutes ban the sharing of consumer data — such as billing and payment information — for any use other than disclosed business purposes. More to the point, these statutes also ban the selling or sharing of consumer data where the consumer has not consented to the selling/sharing. In effect, these State-level statutes also ban the “data pass” between online merchants, which is outlawed by ROSCA.

ROSCA also had a second purpose which was to regulate what are called “negative option features” in online product and service sales. “Negative option” refers to a legal concept where a consumer’s consent to purchase or continue receiving a product is INFERRED from a customer’s silence, failure to cancel a product/service or, or failure to take some other affirmative action to reject those goods or services. For example, consider some “PRODUCT of the Month” internet sales (like maybe types of coffee). These might be “fun” for the first couple of months. However, such sales become very problematic if the consumer wants to cancel the ongoing product/service but cannot find an easy method of cancellation. Worse still are those products or services bought online where the consumer thinks the purchase is “one-off.” However, a month later, there is another charge and another product arrives.

ROSCA prohibits the use of such negative options in online sales agreements unless:

• The full and complete terms of the transaction are fully and conspicuously disclosed BEFORE billing and other information is collected
• The seller obtains express consent and
• The consumer has a simple mechanism to cancel or otherwise stop the recurring charges

Contact the Internet Attorneys at Revision Legal

For more information, contact the experienced Ecommerce Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.