Not necessarily.

If a loyalty program constitutes a “financial incentive,” the regulations implementing the CCPA require that a business provide a “notice of financial incentives” which, among other things, should include an explanation of how the financial incentive is “reasonably related” to the value of the consumer’s data.1  As part of that explanation, the business is purportedly required to provide a “good-faith estimate of the value of the consumer’s data that forms the basis” for the financial incentive and provide a “description of the method” used to calculate that value.2

The regulations implementing the CCPA indicate that a business may use any “reasonable and good faith method for calculating the value of the consumer’s data” to the business, but instructs the business to at least “consider” the following eight enumerated valuation methodologies:3

  1. The marginal value to the business of the sale, collection, or deletion of a consumer’s data;
  2. The average value to the business of the sale, collection, or deletion of a consumer’s data;
  3. The aggregate value to the business of the sale, collection, or deletion of consumers’  data divided by the total number of consumers;
  4. Revenue generated by the business from sale, collection, or retention of consumers’  personal information;
  5. Expenses related to the sale, collection, or retention of consumers’ personal information;
  6. Expenses related to the offer, provision, or imposition of any financial incentive or price or service difference;
  7. Profit generated by the business from sale, collection, or retention of consumers’  personal information; and
  8. Any other practical and reasonably reliable method of calculation used in good faith.

In the context of a loyalty program, most, if not all, of the above valuation metrics would require that a business be able to predict future purchasing behaviors from a consumer.  For example, the “marginal value” to a business from the inclusion of a specific person within a loyalty program might depend upon how many goods or services the consumer ultimately purchases through their participation.  Similarly, the “expenses related to the offer, provision, or imposition of any financial incentive” might depend upon how many goods, services, or discounts a particular consumer redeems through the program.  As a result, in the context of many loyalty programs, the most accurate explanation that a business can provide regarding the value of the consumer’s data may be to explain the inherent variability.  For example, with regard to a loyalty program that permits a consumer to accrue and redeem points for a discount (e.g., $10 off for each 100 points), a good-faith estimate of the value of the consumer’s data might be to state that the expenses related to the financial incentive program are approximately $10 for each 100 points that the consumer accrues and, as such, the total expense depends upon the quantity of points accrued.

For more information and resources about the CCPA visit http://www.CCPA-info.com.


This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. Cal. Reg. 999.307(b)(5).

2. Cal. Reg. 999.307(b)(5)(a), (b).

3. It is worth noting that an early draft of the regulations stated that a business “shall use” one, or more, of the enumerated methodologies.  The word “use” was removed and replaced in the final regulation with the term “consider.”