President Barack Obama has signed into law the Restore Online Shoppers’ Confidence Act (ROSCA). The new law restricts "post-transaction third-party marketing," where a shopper's online purchasing information is passed from one merchant to another, who then uses that data to enroll the consumer in their programs, oftentimes without the consumer’s knowledge or consent.

The Act makes it unlawful for any Internet merchant to pass personal financial data -- credit card, debit card, bank account, financial account numbers or any other billing information -- to third party merchants for use in an Internet-based sale of goods or services from the post- transaction third party seller.

ROSCA was developed as a result of an investigation conducted by the Senate Committee on Commerce, Science and Transportation. The Committee found hundreds of honest online retailers were sharing their billing, credit card and debit card information with third party sellers through the data pass process. Some third party sellers then offered consumers “memberships” which were cleverly disguised as part of the consumer’s initial purchase. The consumers were given a “negative option” where they could decline the membership after an initial trial period.  Following the free trial period consumers who did not cancel the membership were charged recurring fees.

The new law deems this practice to be a misleading sales tactic. According to the Act, “It shall be unlawful for any post-transaction third party seller to charge or attempt to charge any consumer’s credit card, debit card, bank account, or other financial account for any good or service sold in a transaction effected on the Internet, unless:

(1) before obtaining the consumer’s billing information, the post-transaction third party seller has clearly and conspicuously disclosed to the consumer all material terms of the transaction, including:

(A) a description of the goods or services being offered;
(B) the fact that the post-transaction third party seller is not affiliated with the initial merchant, which may include disclosure of the name of the post-transaction third party in a manner that clearly differentiates the post- transaction third party seller from the initial merchant; and
(C) the cost of such goods or services; and

(2) the post-transaction third party seller has received the express informed consent for the charge from the consumer whose credit card, debit card, bank account, or other financial account will be charged by:

(A) obtaining from the consumer—
(i) the full account number of the account to be charged; and
(ii) the consumer’s name and address and a means to contact the consumer; and
(B) requiring the consumer to perform an additional affirmative action, such as clicking on a confirmation button or checking a box that indicates the consumer’s consent to be charged the amount disclosed."

In addition, ROSCA makes it unlawful for any Internet merchant to pass personal financial data -- credit card, debit card, bank account, financial account numbers or any other billing information -- to third party merchants for use in an Internet-based sale of goods or services from the post- transaction third party seller.

The Act prohibits the practice of negative option marketing, unless the merchant:

(1) provides text that clearly and conspicuously discloses all material terms of the transaction before obtaining the consumer’s billing information;
(2) obtains a consumer’s express informed consent before charging the consumer for the transaction; and
(3) provides simple mechanisms for a consumer to stop any recurring charges.

Violations of ROSCA shall be treated as a violation of a rule under section 18 of the Federal Trade Commission Act (15 U.S.C. 57a) regarding unfair or deceptive acts or practices.