
Financial Incentives

The Statute

The CCPA section 1798.125 cites the concept of a “financial incentive” in the context of (and as a foil to) “discrimination” against consumers for exercising any of the consumer’s rights under the statute. Section 1798.125(a)(1) cites the following as examples of such discriminatory actions:

A. Denying goods or services to the consumer.
B. Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
C. Providing a different level or quality of goods or services to the consumer.
D. Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.

However, this section qualifies the prospect of discrimination by stating that “[n]othing in this subdivision prohibits a business from charging a consumer a different price or rate, or from providing a different level or quality of goods or services to the consumer, if that difference is reasonably related to the value provided to the business by the consumer’s data.” 1

There are two types of financial incentives: direct payments, and differences in price, rate, level, or quality of goods/services. The statute states that

[a] business may offer financial incentives, including payments to consumers as compensation, for the collection of personal information, the sale of personal information, or the deletion of personal information. A business may also offer a different price, rate, level, or quality of goods or services to the consumer if that price or difference is directly related to the value provided to the business by the consumer’s data. 2

Other requirements of the statute:

  • A business that offers any financial incentives pursuant to this subdivision shall notify consumers of the financial incentives pursuant to Section 1798.130 [i.e., consumer submission of requests for information]. 3
  • A business may enter a consumer into a financial incentive program only if the consumer gives the business prior opt-in consent pursuant to Section 1798.130 that clearly describes the material terms of the financial incentive program, and which may be revoked by the consumer at any time. 4

The statute does not delve into any detail on how to calculate the value of a consumer’s personal information; rather, it looks to the California Attorney General to promulgate the rules concerning this via the Regulations.

The Regulations

The CCPA Regulations define financial incentive as “a program, benefit, or other offering, including payments to consumers, related to as compensation, for the collection, retention disclosure, deletion, or sale of personal information.” 5 As with the statute, the Regulations use the prospect of discrimination against a consumer as a foil, stating that “[i]f a business is unable to calculate a good-faith estimate of the value of the consumer’s data or cannot show that the financial incentive or price or service difference is reasonably related to the value of the consumer’s data, that business shall not offer the financial incentive or price or service difference.” 6 This restriction is cited in Article 6 of the Regulations, the Article that addresses discriminatory practices.

With respect to the notice of the financial incentives, the Regulations explain that “[t]he purpose of the notice of financial incentive is to explain to the consumer the material terms of a financial incentive or price or service difference the business is offering so that the consumer may make an informed decision on whether to participate.” 7 The Regulations note that if the business does not offer such an incentive, then no notice is required. 8

The principles for the formatting of the notice are very similar to those of the privacy policy, namely: 9

  • Use plain, straightforward language and avoid technical or legal jargon;
  • Use a format that draws the consumer’s attention to the notice and makes the notice readable, including on smaller screens, if applicable;
  • Be available in the languages in which the business provides contracts, disclaimers, sale announcements, and other information;
  • Be reasonably accessible to consumers with disabilities; and
  • Be readily available where consumers will encounter it before opting into the financial incentive or price or service difference.

Contents of the notice include the following: 10

1) A succinct summary of the financial incentive or price or service difference offered;
2) A description of the material terms of the financial incentive or price or service difference;
3) How the consumer can opt-in to the financial incentive or price or service difference;
4) A statement of the consumer’s right to withdraw from the financial incentive at any time and how the consumer may exercise that right; and
5) An explanation of how the financial incentive or price or service difference is reasonably related to the value of the consumer’s data.

With respect to calculating the value of consumer data, the Regulations state that “a business offering a financial incentive or price or service difference shall use and document a reasonable and good faith method for calculating the value of the consumer’s data.” 11 It offers the following as potential components of such a calculation: 12

1) The marginal value to the business of the sale, collection, or deletion of a consumer’s data or a typical consumer’s data;
2) The average value to the business of the sale, collection, or deletion of a consumer’s data or a typical consumer’s data;
3) The aggregate value to the business of the sale, collection, or deletion of consumers’ data divided by the total number of consumers;
4) Revenue generated by the business from sale, collection, or retention of consumers’ personal information;
5) Expenses related to the sale, collection, or retention of consumers’ personal information;
6) Expenses related to the offer, provision, or imposition of any financial incentive or price or service difference;
7) Profit generated by the business from sale, collection, or retention of consumers’ personal information; and
8) Any other practical and reasonably reliable method of calculation used in good-faith.

Finally, in the event that a consumer uses a global privacy control (such as a Do Not Track browser signal) when participating in a business’s financial incentive program, the control will take precedence:

If a global privacy control conflicts with a consumer’s existing business-specific privacy setting or their participation in a business’s financial incentive program, the business shall respect the global privacy control but may notify the consumer of the conflict and give the consumer the choice to confirm the business-specific privacy setting or participation in the financial incentive program. 13 [emphasis added]


1. Cal. Civ. Code §1798.125(a)(2).
2. Cal. Civ. Code §1798.125(b)(1).
3. Cal. Civ. Code §1798.125(b)(2).
4. Cal. Civ. Code §1798.125(b)(3).
5. The CCPA Regulations §999.301(j).
6. The CCPA Regulations §999.336(b).
7. The CCPA Regulations §999.307(a)(1).
8. Id.
9. The CCPA Regulations §999.307(a)(2).
10. The CCPA Regulations §999.307(b)(1)-(5).
11. The CCPA Regulations §999.337(a).
12. The CCPA Regulations §999.337(a)(1)-(8).
13. The CCPA Regulations §999.315(d)(2).
