What is Restore Online Shoppers’ Confidence Act (ROSCA)?

Posted: November 26, 2014

iStock_000007463364Large-1Summary of the Act
For those of you who may not be familiar with the Restore Online Shoppers’ Confidence Act (ROSCA), it is time to take notice. The Federal Trade Commission (FTC) has enforcement authority over this Act and, in the last two months alone, brought the first two enforcement actions for violations of the Act.

So, what protections does ROSCA afford consumers and why is the FTC ramping up enforcement? As stated in the Act, ROSCA was intended “to protect consumers from certain aggressive sales tactics on the Internet.”

U.S. e-retail sales are projected to surpass the $300 billon mark this year, with that number increasing significantly over the next several years, and projected to reach $491 billion by 2018 (according to Internet Retailer). As e-commerce continues to trend toward being a primary source of U.S. retail sales, ROSCA aims to protect consumers as they participate and interact with sellers over the Internet.

Specifically, the law places restrictions on two items:

  1. “Data passing” is prohibited. This refers to the transferring a consumer’s payment information to a third party from an initial merchant to a third party for purposes of that third party attempting to sell that consumer an additional product or service with limited input from the consumer. Third parties are prohibited from posting any charge to an individual’s account through an Internet transaction, unless the appropriate disclosures were made and express informed consent was obtained.
  2. Negative-option transactions have requirements under ROSCA in addition to those under the FTC’s existing rules. ROSCA requires all material terms and conditions of the sale be clearly and conspicuously disclosed prior to accepting billing information for recurring programs. Furthermore, it requires sellers obtain the consumer’s express informed consent before beginning the recurring charges, and sellers must provide consumers with a simple opt-out mechanism to stop the charges.


However, even if a seller does not participate in either of these practices, there are important lessons to be learned of the recent enforcement actions for anyone generating online sales.  Any company involved in e-commerce should use these enforcements as a reminder of the FTC’s requirements and review its online marketing practices.

Case 1: The Situation and Lessons for Online MarketersThe first enforcement was brought against multiple companies who sold dietary supplements and other healthcare-related products. The companies marketed their products as “free trials” in which the consumer was only responsible for the shipping cost, or buy-one-get-one offers. However, consumers were automatically enrolled in a recurring billing program without their knowledge and not given a simple way to stop the charges. Adequate disclosures were not present and consumers did not provide their express informed consent as required. Not only did the FTC bring actions against the companies for violating ROSCA, but allegations extend to violations of the Electronic Funds Transfer Act and Section 5 of the FTC Act, as well as the Telemarketing Sales Rule (TSR). The FTC states that the companies violated the TSR since telemarketing upsells contained negative-option features. Agents again failed to disclose the terms and conditions and requests to stop calling were not honored.

Case 2: The Situation and Lessons for Online MarketersThe second ROSCA action was aimed at a dating website for misleading customers. The company created fake online dating profiles in an effort to increase upgraded memberships. The FTC found violations of both ROSCA and Section 5, unfair and deceptive practices. Similar to the first enforcement, the website did not clearly and conspicuously inform consumers they would be enrolled in a negative-option renewal. The terms and conditions of the negative-option agreement were buried in text and hidden in a hyperlink. The online dating website will now be forced to appropriately disclose the presence of the fake profiles, as well as the terms and conditions of any negative-option feature before collecting payment information, and as with the first settlement, must provide a simple opt-out mechanism to stop charges.

ROSCA was signed into law in 2010.  Four years later, the FTC has now decided to exercise its authority under the Act. These recent enforcement actions are indicative of enforcement activity to follow.  If a company is in the beginning stages of creating an e-commerce policy, or ramping up any online transaction-based or lead generation program, the actions above are great tools, in addition to the FTC’s existing e-commerce rules, to help ensure a policy is well-rounded with all federal direct marketing law that must be taken into account.

We are happy to answer any questions you may have regarding the ROSCA consent and disclosure requirements. Please contact us at consulting@compliancepoint.com.

Laura Deemer

Author: Laura Deemer

Laura Deemer is a Consultant at CompliancePoint who focuses on US Federal and State consumer privacy law and direct marketing compliance. Laura strives to remain up to date on changes in the regulatory environment in an effort to provide the most up to date guidance for her clients. She has experience consulting for a wide range of industries and enjoys providing customized compliance solutions for every situation. Laura has earned a Certified Information Privacy Professional (CIPP/US) certification from the International Association of Privacy Professionals and Bachelors in Business Administration from Georgia College.

Leave a Reply

Your email address will not be published. Required fields are marked *

Reduce risk, maintain a compliant posture, and protect info