This morning I was listening, much to my children’s chagrin, to NPR as I dropped them off at school. One subject that came up was a new push by the Federal Trade Commission to rein in subscription services that make it nearly impossible to unsubscribe from. This story included direct comment from the FTC chair and their language was music to my ears as a privacy professional, especially one who has been doing work involving GDPR and CPRA.
First off, the quote that got me hooked immediately was that it should be just as easy to unsubscribe as it was to subscribe. Lina Kahn, Chair of the FTC, made it clear that the FTC is taking a very European style approach to this problem. Their proposed “Click to Cancel” rule would add a few key provisions for applicable businesses that make use of subscriptions.
- Just as easy to cancel subscription as it is to sign up for it. If you subscribe online, you can cancel online, etc.
- Yearly notice provided to individuals to remind them of the subscription.
- Crack down on “dark patterns” used to confuse or mislead consumers.
Enforcement is through the FTC, but the fines are substantial. $50,000 per infraction per day. For any business that has several thousand customers, that is a potentially crippling fine. Given the FTC’s recent enforcement history, we know they are willing to levy large fines to organizations, such as the five billion dollar fine to Meta in 2019. This should motivate organizations to comply.
The main target of this rule are organizations that make it hard to unsubscribe. If you have ever tried to cancel a gym membership, you may remember that horror of having to go to the gym itself, talk to someone, get a long story and guilt trip, and only then do you finally get to stop the subscription. These dark patterns are the focus of Click to Cancel.
Organizations that seek to comply will need to review their practices for how they accept, track, and review subscriptions. If a method for unsubscribing does not exist in every way that they accept subscriptions, a process will need to be created. Finally, a notice template would be advisable for yearly notification to your users. Luckily, tools and resources exist for these concerns. If you need more information, or want to know how Privacy Ref could assist you and your organization, you can reach out to us on our website or through email.