The INFORM Consumers Act: A Must-Know for Online Marketplaces
While the Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers Act (INFORM Act) went into effect on June 27, 2023, very few online marketplaces have focused on this law since then. However, the INFORM Act is now receiving increased attention from Congress and the Federal Trade Commission. Online marketplaces that operate platforms for third-party sellers may have certain compliance obligations to tackle before a regulator (or Congress) comes calling.
The INFORM Act was passed in 2021 by Senators Dick Durbin and Bill Cassidy to combat what they perceived as a noticeable rise in organized retail crime rings’ online resale of stolen items from brick-and-mortar retailers. The act aims to address these activities by requiring online marketplaces to collect, verify, and disclose information about high-volume third-party sellers who offer new or unused consumer products for sale.
This past July, Durbin publicly criticized the FTC for its failure to issue regulations or enforce the act against online marketplaces, stating at a Senate Judiciary Committee hearing that “the Federal Trade Commission has literally dropped the ball on enforcing the INFORM Consumers Act.” Senator Durbin also sent a letter to the FTC requesting a broad range of information about the agency’s involvement in enforcing the act. Less than a month later, the FTC announced a $2,000,000 settlement with Temu, which also imposed a variety of injunctive relief obligations on the company, many of which arguably extend beyond the act’s requirements.
What is an Online Marketplace or High-Volume Third-Party Seller?
Following the hearing, Durbin and Cassidy identified and sent letters to 46 companies allegedly operating online marketplaces regulated by the INFORM Act. An entity qualifies as an online marketplace under the act if it operates an electronic platform that:
- Includes features that allow for, facilitate, or enable third-party sellers to engage in the sale, purchase, payment, storage, shipping, or delivery of a consumer product in the United States.
- Is used by one or more third-party sellers for such purposes.
- Has a contractual or similar relationship with consumers governing their use of the platform to purchase consumer products.
A high-volume third-party seller is “a participant on an online marketplace's platform who is a third-party seller and, in any continuous 12-month period during the previous 24 months, has entered into 200 or more discrete sales or transactions of new or unused consumer products and an aggregate total of $5,000 or more in gross revenues.”
Requirements for Online Marketplaces
Online marketplaces subject to the act must do the following:
- Collection: Require all high-volume third-party sellers to provide (and notify of changes to) bank account number, contact information (name for individuals, government ID for businesses), tax ID, email, and phone numbers. This information must be requested within 10 days of a seller meeting the statutory definition, necessitating careful oversight by online marketplaces of when sellers are close to crossing this threshold.
- Verification and Certification: Verify the above information (and associated changes) within 10 days of receipt and annually.
- Reporting: Provide electronic and telephonic reporting mechanisms allowing consumers to report suspicious marketplace activity.
- Compliance: Suspend sales activities of high-volume third-party sellers that do not comply with the act’s requirements.
- Public Disclosure: Require certain high-volume third-party sellers (with over $20,000 in annual gross revenues) to disclose their name, address, contact information, and certain activities clearly and conspicuously on product listings or order confirmations.
- Data Use and Security: Use disclosed information only for compliance and maintain technical and organizational measures to protect it.
Next Steps for Online Marketplaces
The FTC likely will step up enforcement efforts due to the senators’ criticisms, and state attorneys general may do the same. Companies that received an INFORM Act inquiry should consider seeking counsel to draft a response and mitigate both legal and reputational risk. Those that have not received a letter should still assess whether they qualify as an online marketplace, preemptively build compliance processes, and document measures taken.
Zach Lerner is a senior legal director at ZwillGen whose practice focuses on a variety of legal matters impacting internet-based companies.
Melissa Maalouf is a shareholder at ZwillGen whose practice focuses on representing clients in a vast range of privacy, security, advertising, and e-commerce matters.
Ben MacLean is an attorney at ZwillGen who advises emerging and established technology companies on a broad range of data privacy, consumer protection, and other internet-related legal issues.
Zach Lerner’s practice focuses on a variety of legal matters impacting Internet-based companies. He helps B2C and B2B companies in a wide range of industries, including media and publishing, streaming, transportation and delivery, education technology, financial technology, and fantasy sports/skill and chance gaming, with issues related to privacy, data diligence, e-commerce, advertising, product development, and regulatory compliance.
Zach works closely with clients on automatic renewal and continuing subscription offerings, helping them navigate the patchwork of state, federal, and international laws and regulations. He is also part of the Uniform Law Commission’s Recurring Service Charges Committee which has been tasked with drafting a model state bill governing auto-renewing and continuous service contracts. Additionally, he advises mobile app providers on the rules restricting in-app purchases and marketing.
Zach regularly counsels companies on emerging privacy and data protection laws, including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and other comprehensive state privacy laws, as well as global marketing rules. He also has extensive experience with state and federal student privacy statutes, including COPPA, FERPA, and SOPIPA. Zach works with clients on mitigating risks associated with using alternative data, managing social media influencer campaigns, operating user review platforms and consumer rewards programs, and designing websites and mobile apps for accessibility. He assists clients in drafting policies and procedures, including terms of service, privacy policies, end user licensing agreements, API agreements, and vendor contracts. In addition, he understands the practical considerations for implementing blockchain and smart contract technology.
When it comes to litigation and government investigations, Zach has extensive experience assisting clients facing complex class action lawsuits, FTC investigations, and multi-state attorney general investigations. He has represented clients in matters involving COPPA, the Electronic Communications Privacy Act (ECPA), the Video Privacy Protection Act (VPPA), the Michigan Video Rental Privacy Act (VRPA), the Illinois Biometrics Information Privacy Act (BIPA), the California Automatic Renewal Law, as well as state privacy and unfair competition laws.
Zach served as a law clerk to the Honorable Peter J. Messitte on the United States District Court for the District of Maryland. He is published in DataGuidance for his work on data privacy and protection in the education sector as well as the Harvard Journal of Law & Technology and the Yale Journal of Law and Technology.
Zach received his J.D. from Harvard University where he graduated cum laude and served as a legal research assistant at the Berkman Center for Internet & Society. After earning his A.B. from Duke University, Zach joined Teach For America and taught middle school social studies for two years while simultaneously earning his Master’s in Education.
Melissa Maalouf’s practice focuses on representing clients in a vast range of privacy, security, advertising, and e-commerce matters through counseling, responding to FTC and State Attorneys General investigations, and analyzing risks associated with corporate transactions.
Melissa regularly counsels both emerging and established companies on navigating risks and developing mitigation strategies related to online tracking activities, artificial intelligence, the collection and use of sensitive information (such as health data), evolving children’s and teen privacy issues, and the offering of e-commerce and fintech solutions. She advises clients and defends them in federal and state regulatory enforcement actions regarding alleged violations of state and federal privacy laws such as the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), COPPA, FERPA, SOPIPA, BIPA, GLBA, FCRA, and CAN-SPAM. She also regularly advises clients on the legal implications of artificial intelligence and Large Language Models (LLMs) in both a B2C and B2B context, as well as on the development of AI governance strategies and impact assessments.
Melissa works closely with clients to develop strategies, taking into consideration their size and international footprint, for compliance with global marketing and cookies rules, consumer protection regulations, data protection laws (including the EU GDPR, Brazilian LGPD, and Canadian privacy laws), and international data transfer restrictions. She also advises on e-commerce issues, such as consumer disclosure requirements during the e-commerce flow, auto-renewal subscription regulations, and electronic signature laws.
Prior to joining ZwillGen, Melissa was an associate in the Communications, Media, and Privacy group at Willkie Farr & Gallagher LLP, where she counseled clients on a variety of international and domestic data privacy, data security, e-commerce, and technology issues.
Ben MacLean advises emerging and established technology companies on a broad range of data privacy, consumer protection, and other Internet-related legal issues.
His practice spans both counseling and litigation, with experience representing clients on a variety of litigation matters, including Video Privacy Protection Act and California Invasion of Privacy Act claims, law enforcement requests for user data, and government investigations. In addition to litigation, Ben counsels clients on technology transactions and compliance with complex federal and state regulatory frameworks, including those governing children’s privacy, social media, automatic renewal contracts, and online gaming.
Ben previously served as a Fellow at ZwillGen. Prior to joining the firm, Ben interned at the Federal Trade Commission, supported in-house privacy teams at T-Mobile and Smartsheet, and aided technology and constitutional litigation at the King County Prosecuting Attorney’s Office. Ben received his J.D. from the University of Washington School of Law, where he served on the Washington Law Review and worked for the Entrepreneurial Law Clinic and Alliance for Disability Law and Justice.
