SSP 60 | Subscription Compliance

If you haven’t been focused on subscription compliance before, you definitely need to start paying attention now.

The Federal Trade Commission (or FTC) is getting serious about cracking down on “dark patterns” in the world of subscriptions. They recently filed a lawsuit against Amazon for enrolling consumers in Amazon Prime without consent and for what they call “cancellation trickery.” They’ve also announced plans to increase stringency around subscription rules.

Today’s guest on the podcast, Davis + Gilbert partner Paavana Kumar, is a legal expert on eCommerce, with an emphasis on subscriptions. In today’s conversation, we talk about some of the key elements in subscription regulations, the planned changes being proposed by the FTC in the US, and specific actions every subscription-based business should take if they want to stay on the right side of the law.

The Legal Side Of Subscriptions With Davis+Gilbert Partner Paavana Kumar

If you haven’t been focused on subscription compliance before, you need to start paying attention now. The Federal Trade Commission or FTC is getting serious about cracking down on dark patterns in the world of subscriptions. They filed a lawsuit against Amazon for enrolling consumers in Amazon Prime without consent and for what they call cancellation trickery. They have also announced plans to increase stringency around subscription rules.

Our guest on the show, Davis+Gilbert partner Paavana Kumar, is a legal expert on eCommerce with an emphasis on subscriptions. In this conversation, we talk about some of the key elements in subscription regulations, the planned changes being proposed by the FTC in the US, and specific actions every subscription-based business should take if they want to stay on the right side of the law.

I’m excited to talk to you. The legal side of subscriptions is something that remains mysterious and murky for a lot of people, yet it’s so important. Before we jump into that, I want to ask you. What was the path that led you to become an expert on subscription compliance?

It was, given what a niche it is, quite a surprisingly natural evolution. I’ve been in advertising and marketing law for my entire career. I’ve seen my practice evolve alongside the industry. When I started at Davis+Gilbert, we were still calling influencers bloggers and working in the metaverse. eCommerce was not the primary focus historically working in the advertising industry, but over time, I developed this deep eCommerce focus, working with our retailer clients and our brand clients, developing that aspect of the practice, and working with all kinds of D2C companies from startups to software companies to brand agencies on everything under the sun that could relate to how they engage with consumers and how they lead consumers through the purchase journey.

That could be the use of consumer promotions, gift cards, and loyalty programs. Over time, that evolved to, “You can’t be a leader in the eCommerce space if you aren’t on top of subscription programs and subscription compliance.” I was seeing the rise of these programs well before the pandemic and was starting to develop that expertise as I was seeing more of my clients start to develop these programs and be asking questions about how to make sure they comply with the various laws around them. It hit an inflection point a little bit after 2020. It comprises such a huge part of my practice. You can’t be an expert in eCommerce if you’re not also deep in the weeds on subscriptions.

The other thing I’ll add too is that as I’ve gotten more involved, I have enjoyed being involved in the subscription community. You and I were both at SubSummit in Dallas. I loved seeing such a diverse group of founders, decision makers, and women founders all very passionate about identifying consumer pain points and coming up with solutions to problems that don’t necessarily already have a solution. There are lots of people with great visions in the industry. I enjoy working with those companies as outside counsel, more as a partner to help them bring those visions to life while lowering their overall risk profile and understanding what they have to do in pretty practical and simple terms to build their brand without losing their customers.

I love how you said you’re working with them as a partner on their business as they’re developing their business as part of that creative process. What are some of the issues from the legal side that come up as they’re sharing their strategies with you?

It may be helpful for everyone to take a step back in terms of what I mean when I say subscription compliance. When I say subscription compliance, there are federal laws that govern automatic renewal programs. That’s your standard free trial conversion. You have a subscription that renews every month, every quarter, every six months, or every year. There are also laws in almost every state regulating those programs. There are no unified rules.

Let’s assume you’re advertising to a nationwide base of consumers. Companies in the space have to figure out a way to comply with federal law as well as laws in each of these states. These laws apply to any company in the subscription space. You could be a beauty subscription box. You could be a Software-as-a-Service platform. You could be a technology company. You could be in healthcare. You could be in food and beverage. These laws are going to apply to you if you run a program that has a subscription element to it.

Specifically, those laws have very specific and stringent requirements around how you disclose to consumers what the terms of the program are, how they are going to be billed, and getting affirmative consent from those consumers. Do you need a checkbox? Is it a button? What exactly does it have to say? You’re communicating with those consumers after they sign up crucially how they can cancel their subscription. I’ve heard a lot about this on the business side in terms of the balance of being consumer-friendly and prioritizing consumer retention.

The FTC is proposing certain updates to its laws that would require, for example, immediate cancellation of subscriptions. It would require you to be able to cancel your subscription in the same way that you signed up. There’s also going to be significant discussion around how you can upsell consumers. For example, in the past, it was a pretty common tactic for companies to say, “You want to cancel. Here’s a 20% offer instead of canceling.”

What the federal law is now proposing to say is, “You have to ask the consumer’s permission to upsell them before you do that upsell.” That’s not industry standard. At this point in my career, I’m helping companies understand what these obligations are. A lot of them aren’t aware. You have companies from startups to enterprise-level companies that may even be generally aware of these laws but don’t know how to comply and implement them.

I work with companies from 1 lawyer to 100 lawyers, but the company with 100 lawyers might not have one that specializes in subscription compliance and understands these obligations. I mentioned that these laws vary from state to state. Some of those states have idiosyncratic requirements that may even vary depending on the billing cycle.

It’s challenging for companies to come up with an approach that complies with this patchwork of laws without necessarily having to take the most conservative approach all the time. What I help companies do is audit their processes to come up with an approach that works for them while understanding that there are benefits to consumer retention tactics and impact on revenue while also making sure that they understand these obligations and are able to comply in the states where they’re targeting consumers.

You talked about how the states are quite varied. Is there a state that is either leading the charge or that is the most stringent that you look at first? Is it idiosyncratic state by state?

California has set the gold standard in terms of being the most conservative. We’re going to get to this later. If you look at where the federal law is heading, they take a lot of cues from California in terms of what they want to implement on the federal level. You have some other idiosyncratic states like DC and Vermont that have very specific requirements for annual plans that go above and beyond what you would require for a monthly plan. For example, requiring a checkbox consent to the auto-renew and putting certain disclosures in bold to be conspicuous enough for the consumer.

Subscription Compliance: California has set the gold standard in terms of being the most conservative subscription compliance laws. Federal laws take a lot of cues from them.


The rationale is that consumers are more likely to forget about an annual plan or less likely to understand that the price is higher, and it’s going to auto-renew, whereas, for a monthly, you know that it’s going to renew every month. Some of those states are leading the charge but new laws are being passed all the time. Idaho passed one in January 2023. California’s law was updated, and so were New York’s and Colorado’s.

It seems very complicated. I try to keep the 50-state knowledge in my head so I can say, “Here’s what’s required in these states.” Does it make sense to bifurcate your approach? It doesn’t make sense to comply with California, DC, and Vermont across the board. That will be a case by case depending on what you are offering. If you need to dynamically populate a disclosure depending on the length of the plan you’re offering, or if you can take a one-size-fits-all, it depends on the client.

Is it more stringent? We have quite a few audiences globally in Europe, Asia, Latin America, and Oceania. Are the laws in the US more or less stringent? What do you think about international companies that are trying to offer their subscriptions everywhere or frankly where consumers find them and sign up?

The US is leading the charge, with markets like the UK and Canada not far behind. Individual countries in Europe will have their specific requirements like Germany and other European countries. We’re part of a global advertising alliance of lawyers, many of whom are trusted friends and advisors on these issues. We usually review from the US perspective first and then do gut checks in other countries where we want to offer the program to see, “Do we want to take a varied approach? Can we figure out a way to streamline this across countries?”

At the moment, the US is more conservative than the UK and Canada other than perhaps on some privacy issues. I’m sure we’re not going to get into this, but GDPR (General Data Protection Regulation) is probably blazing on the minds of many of the people that are reading. Privacy issues aside, we can take a global approach for a lot of the clients that come to me and figure out an approach that works everywhere.

We had Julie Hansen, the CRO of Babbel, the language learning company. We talked about some of the challenges that they faced coming from Europe to the US and keeping up with all of the regulations in Europe across all of those relatively small countries with both different languages and different regulatory restrictions.

Absolutely, I am certainly very familiar with those challenges.

Is there anything that you want to add specifically around working with influencers? You mentioned at the beginning that you were there back when influencers were bloggers. What are some of the gotchas or some of the things that people should keep in mind when partnering with an influencer to try their products or endorse their products, sending free samples, and the like?

This could be its own episode for sure, but a lot of subscription companies, especially subscription box companies I’ve found, do partner a lot with influencers. It’s worth mentioning. The Federal Trade Commission or the FTC, which separately regulates these subscription programs, also has guides concerning the use of endorsements and testimonials. That’s what we colloquially refer to as influencer marketing.

One of the key considerations, when you’re engaging an influencer to promote your product, is there’s what the FTC calls a material connection between you and that influencer i.e. if a person on social would think the influencer is expressing their independent opinion but there is a paid relationship, or another relationship with a brand that would have to be disclosed in some way.

It’s important to mention it’s not just payment that would constitute the connection. If you give an influencer an experience or free products, loan a product, or give them tickets to an event or something like that, all of those are connections that would still need to be disclosed because if a consumer knew about that, it might affect the credibility that they give to that endorsement, and that’s why they need to know about it.

Companies have a bit of latitude in terms of how to make that disclosure. We have evolved from when everyone was trying to put #Ad on everything. The influencers and the brands would push back. Now there are a lot more organic disclosures that can be used on various platforms. The FTC is in the middle of revising its endorsement guides to bring them into the new age. They haven’t been formally updated since 2009. All the guidance since then has been in the form of FAQs and other informal guidance from the FTC.

The new guides will be instructive because they’re going to specifically address how you can make appropriate disclosures on visual platforms like TikTok, specific considerations around the use of virtual influencers, and a little more guidance about how we can make sure influencers are giving their honest opinion about a product. That will be interesting to see how they apply that to virtual influencers given that they don’t exist and wouldn’t be able to try the product, but that’s another requirement.

Another thing to watch out for too is that when you engage an influencer to post about your brand, that’s going to be viewed as advertising for the brand, and you want to treat that as you would any commercial. You’re making sure IP rights are cleared, making sure you have an agreement in place with the influencer that addresses ownership of the content and exclusivity, and making sure they aren’t drumming up fake followers and things like that.

Subscription Compliance: When you engage an influencer to post about your brand, it will be viewed as advertising. Treat it like any other commercial and make sure IP rights are cleared.


These agreements have evolved to take into account all of the different deceptive tactics that can happen online. These are all key considerations to keep in mind. The FTC is super focused on influencer marketing. It’s going to be a big enforcement priority for them going forward. It’s worth delving into on the side, making sure you have a strong influencer policy. I work on those every day. Those are good things to consider if you are working with or thinking about engaging influencers.

You brought up the FTC or the Federal Trade Commission, which oversees commerce and these kinds of issues. Lesley Fair at the FTC who’s been very involved in a lot of the subscription regulation once said to me, “I’m not trying to trick people. It’s not like you need to lawyer up and protect yourself against all of these things that I’m coming after to get you on. I’m not going to get you because your font is 8-point and not 9-point or silver and not dark gray. I’m looking for egregious bad actors that are hiding the truth from consumers or misleading consumers.” To what extent do you think that is generally good but not specific enough or fine for most people? Maybe it’s even disingenuous where you would say, “I see the FTC going after people for what I think of as very borderline infringement.”

It’s an interesting and good question because that is still generally true. I’ve had informal discussions with the commissioners at the FTC where they say, “The first test case in a given area is going to be against the bad actors or the egregious actors that are trying to hide the ball on consumers and trick them into taking certain types of actions.” Specifically in the negative options space, one of the reasons the FTC is proposing these sweeping updates to the federal law and negative options is to create a consolidated set of guidance and make it clear to people what their obligations are.

There have also already been a number of FTC test case enforcement actions against the bad actors in the subscription space. Going forward, they’re going to be taking a bit more of a nuanced view. We’re probably about to get to this, but given that the FTC is proposing updates to the federal laws around subscriptions, those are available. They’re published in the federal register. The FTC has publicized them. There’s going to be a decent amount of lead time before they’re codified into law.

To me, the FTC is saying, “You don’t have an excuse not to know what these regulations are, what we’re proposing, what we think affirmative consent looks like, what we think appropriate cancellation procedures look like, and how to be clear and not hide the ball.” They’re going to start being more aggressive. They brought cases against companies like Match, settling in the hundreds of millions of dollars. They brought cases against smaller subscription box companies like EarthBox. They’re trying to show that there’s no company that’s under their radar.

We’re past the point of saying, “You’re a startup. The FTC is not going to come after you.” They will start going after companies of all sizes. They’re also streamlining the Negative Option Rule for a reason. They want to be able to go after companies in all media, not just online, telemarketing auto-renew programs, and in-person automatically renewing programs to make it much more holistic.

They have a broader focus on what they’re calling dark patterns, which is an interesting term from them because it’s not specifically defined as anything other than a deceptive practice, which the FTC can already regulate under Section 5 of the FTC Act, but specifically, they’re saying, “Dark patterns are tricks that deceive consumers into taking actions they might not otherwise take online.” Subscription programs are a big subsection of that. It shows me that’s an enforcement priority for them going forward.

I’m glad we’re moving into talking about the FTC. They have announced here in the US that they’re updating their laws around subscriptions, potentially adding stringent requirements. I love the language of dark patterns because it’s vague enough that it can put a broad covering, “Is this a dark pattern?” You can think of it that way. It’s back to this idea of they’re not trying to trick you. You’re using words that consumers won’t notice, “It’s too hard. We will get a couple of extra months out of them because canceling is tricky.”

I’ve seen companies add another screen, require a phone call, and ask a whole series of questions on the way out which is exhausting. The person is like, “I can’t do this. I’ll call you later.” Another month goes by. All of those could fall under that dark pattern description. It’s helpful for companies to think more broadly about it instead of focusing on the font size, “Is it a checkbox or a button?”

Do you think it’s fair to say that the FTC is going to start with the most egregious actors when they take action before going after more borderline cases? Is now the time for every company, even companies that try their best to be customer-first and customer-friendly, to take a fresh look at everything they’re doing and all of their user experience?

I want to first discuss the example you gave because your example was clicking through a bunch of screens, being put on hold, and being made to answer a survey before they can cancel. That is 100% bullseye for the FTC. That’s because even though they have this broader focus on dark patterns and the updates they’re proposing to the federal subscription laws, they specifically talk about those types of cancellation roadblocks being illegal.

That’s why they’re saying, “You can no longer make customers go through a bunch of steps.” In some of these enforcement actions, I had tons of clients saying, “What does it mean to cancel immediately? Are two screens okay? Is one screen okay? Are three screens okay?” These proposed updates are helpful because the FTC is saying none of that is okay unless you get the consumers’ consent to serve them with additional offers or have them do something else.

If they say no, you have to immediately cancel them. If they hang up in the middle of a call where they have asked to cancel, you’re supposed to immediately cancel them. If they’re talking to someone on a chat on a website, and they get three-quarters of the way through the cancellation process and disconnect, you’re supposed to immediately cancel them.

Cancellation specifically is a big bullseye for everyone, big or small companies. Everyone should be looking at their cancellation procedures and how they honor cancellations. More broadly, dark patterns unexpected flash sales that aren’t flash sales, hidden fees, limited time countdown clocks, and a lot of those things are a little vaguer that haven’t been identified by the FTC as potentially dark patterns.

We always look at those on a case by case to see, “Is it deceptive? Is it hiding the ball? Is the FTC likely to say this is a deceptive practice? Are you using shading in a way that confuses the customer by having the continue button be a certain color until suddenly it’s the No, I Don’t Want to Cancel button so people click it thinking they’re clicking the next step?” It’s that sort of thing.

It’s so interesting. You mentioned that we met at the SubSummit conference. I debuted some new content there. I’m working on some content relating to retention and all of the different ways the different parts of the organization can be helpful with retention. This surprised me. Several people at the conference said, “Do you mean talking to your lawyers and figuring out how many extra screens you’re allowed?” It looks like you’re on the next step to cancel, but what you’re saying is, “Take me out of the cancel cycle.”

We’re in an economic downturn. A lot of subscription companies have never experienced an economic downturn. They’re focusing their lens on retention or how we keep our customers. You have these two things coming at each other. You have the FTC on one side trying to crack down on this. On the other side, you have companies that have historically taken the high road starting to feel pressure from their boards or their leadership to get to the quarterly number. Are you seeing increased pressure with these questions, “Are two screens okay? Are three screens okay? What about this shade of silver on a silver background for our disclosures?”

These are conversations they have with clients every day, “If we do this, we’re going to lose X dollars in revenue. We’re not going to make the numbers.” I’m very sympathetic to that. My approach is never to say, “You have to take the most conservative approach.” There are a lot of factors that go into this. I think of your comment, “Is the FTC going to go after the most egregious actor?” TBD, we’re shifting a little bit away from that, given how specific they’re getting. They did a publication at the end of 2022, which is called Staff Report on Dark Patterns. It’s publicly available.

It’s not the most scintillating read, but it does have an exhibit with a made-up company that the FTC came up with and a bunch of examples of what the FTC would consider a dark pattern in each scenario. They have an example of a countdown clock that has a fake deadline. It has an example of a subscription signup program that’s pretty egregious. It has an example that I would say, “You can’t do that.”

I do think I’ve had some clients saying, “We’re not doing that. We must be fine.” You would be wise to look at the more specific guidance and not say, “As long as it’s not that egregious example from the exhibit, then we’re fine.” It does give some good examples in a very easy-to-understand and digestible format of what the FTC would consider something that it could go after with visuals. That’s helpful for companies to take a look at.

Are there any industries or types of companies that you think either historically or as emerging trends particularly either at risk or badly behaved and worthy of a closer look in your opinion?

In terms of badly behaved, it could be a whole separate topic, but it’s any advertising or products that are directed to a particularly impressionable audience. That could be children but also anyone in the fashion, beauty, cosmetics, health, wellness, and weight loss sectors. Without getting too legal, in these proposed updates to the Negative Option Rule in addition to streamlining it to make it apply to all companies and all of those updates, the FTC is saying it can now seek penalties under that specific Negative Option Rule for misleading claims and things that you’re saying in the signup flow even if they’re not directly related to the subscription offer.

Subscription Compliance: The FTC can now seek penalties under the Negative Option Rule for misleading claims in your signup flow, even if they’re not directly related to the subscription offer.


What that means to me is if you’re a weight loss company, and let’s say you have a monthly weight loss pill subscription or something like that, in the past, if there was something that you were saying about the pill that was misleading like, “You will lose 20% of your body weight by the end of the year,” the FTC will bring a claim under Section 5 that is generally deceptive. What they’re now saying is, “We can also seek penalties under the Negative Option Rule because it happens to be a subscription program.” It’s increasing their authority to bring bigger financial penalties against these types of companies. I’m seeing a trend toward them trying to expand their authority to do that.

In January 2023, they brought their first case under the Federal Restore Online Shoppers’ Confidence Act, which is the federal subscription law enforcing civil penalties under that rule. They’re trying to expand their ability to do that. They’ve got tons of previous settlements where it has been consumer restitution and millions of dollars. I’m seeing a big trend on the FTC toward saying, “We’re expanding our authority to penalize financially these companies that don’t comply with the Negative Option Rule.” That’s an important thing for companies to be on notice of.

Can you define the Negative Option Rule for our audiences?

On the federal level, the Negative Option Rule together with the Restore Online Shoppers’ Confidence Act or ROSCA are the two federal statutes that will regulate subscription programs. The Negative Option Rule is a bit of a patchwork because it also covers subscription offers through telemarketing and other types of offers, and then ROSCA is specific to online offers.

One of the reasons the FTC is now trying to update the Negative Option Rule is to create one centralized framework that gives companies one set of guidance to work from that’s a bottom line for subscription programs because the current patchwork is confusing. They’re also trying to align it with the most conservative standard across the 50 states, typically California.

Although one interesting thing to note is that the FTC is saying, “Once we update the Negative Option Rule and rename it too, it’s not going to preempt state law.” If you have a state that has greater protection than the federal law, you still have to comply with that state, which is not very helpful. That’s where I come in to help companies figure out, “Do you still have to take a little bit of a hybrid approach in some instances?”

My guess is that they will try to align with what the most current conservative standard is so that you’re not still scrambling to investigate and do a 50-state survey every time you’re running a subscription program. They’re trying to make it a lot easier for companies to comply because a company could say, “How am I supposed to know what the law is in Idaho? I would much rather that the federal law give me a bottom line to work from so I can show that I’m not being an egregious actor. I’m trying to comply. I’m trying to be transparent. I’m looking at the guidance and figuring it out.”

Subscription Compliance: The FTC will try to align with the most current conservative standard so businesses will not scramble to investigate and do a 50-state survey every time they are running a subscription program.


There’s a lot to be thinking about. I think about my clients. Some of them are large, have big budgets for attorneys, and have a lot to lose. Others are just starting and are bootstrapped. Good lawyers can be expensive although necessary. I’m wondering. As somebody who I know has a lot of empathy for your clients and who is wonderfully practical to talk to in the way that you simplify legal issues and put them into business terms, what would be your best advice for subscription entrepreneurs as well as intrapreneurs building subscription models within larger companies that don’t have a history of subscriptions and who want to stay on the right side of the law but maybe don’t have huge budgets? What’s the advice? Where do you spend? Where can you save? What would you advise your cousin, best friend, or next-door neighbor if they were in this position?

If you’re starting, take the time to have the 1-hour conversation or the 30-minute conversation. I don’t do those on the clock. It’s important to understand where you stand, and then you can do an evaluation. At what point does it make sense to have legal go through this? In general, before your design teams get started down a path they can’t turn around from is time to get someone looking at it.

I have clients who will send me mockups of their design flows in Figma even as a PDF or something. It’s dropping in comment bubbles and doing line edits if they’re a bit more advanced, or it’s 30 minutes on the front end to do a consultation and say, “Here’s where you have a structural problem. Here’s where your structure works, but you’re going to need to do X, Y, and Z down the road. When you’re ready, come back to me, and we will look at it.”

It depends on what stage of growth you’re at. Doing that consultation is helpful to A) Evaluate any inherent issues in what you’re proposing, and then B) Figure out at what stage it makes sense to line by line look at what you’re doing and then see periodic audits. There may be other things that come along the way. A lot of my early-stage companies come to me, and they’re like, “I don’t care about subscriptions. I need terms of use and a privacy policy.”

I’m like, “Your terms of use need to describe what you’re doing in terms of the subscription. It’s related. You should be thinking about it now along with all the other things that startups think about like trademark and an IP clearance.” If you’re a subscription company, that needs to be part of the initial round of stuff. It’s not a later-stage game thing. It’s related to how you have all your terms of sale, refund policies, and website stuff.

Are there certain subcategories? You’ve mentioned a few of them. I’m sure you know almost every large company has a subscription initiative underway, whether it’s automotive, healthcare, consumer products, retail, media, software, or hardware. Some team is working on it. You’re saying, “Now is a good time to start talking.” Do they come to you and say, “Is there anything we should be worried about?” Do they come to you and say, “Here are some of the key areas where we want to check in with you. We want to show you our signup flow, our cancel flow, and our privacy terms.” How prepared do they need to be?

It typically depends on the level of sophistication of the company and when they’re coming to me. I advised a major software company, a major ride-share app, and a nationwide restaurant chain on their subscription programs. Those are the clients that are saying, “This subscription program is mostly baked, but we know that there are a lot of laws that have been changing. We don’t have the infrastructure to be doing a 50-state tracker. Could you look at it given that you pretty much know and tell us where we need to make tweaks or line edits?”

Those are the big companies that can strategically implement the advice. Ironically, it doesn’t cost very much because you’re not taking that long to look at it. You can take a quick spin through a PDF flow in an hour and say, “I’ve identified these five issues.” In the earlier-stage companies, you can also be efficient because they might be at the concept stage and say, “Can I have a free trial that converts on this basis? When do I need to send the reminder notices? What are the top five things the signup flow needs to have? Can you give me a compliance checklist or a sample disclosure? I’ll plug and play myself and then run it back by you.”

That’s also a very efficient way to do it. You can provide the building blocks for an early-stage company to do a lot of the legwork themselves. They’re in the weeds on exactly how it works, but you’re giving them, “Here are the must-haves and best practices. Here’s where you might be willing to take on some risks if you think that not doing a certain thing is going to negatively impact your customers, consumer retention, or revenue.”

That’s great. It’s not as hard as people might think. It’s not as huge of a commitment. The advice that I’m taking away is to start small and start early.

Even trade associations like SUBTA (Subscription Trade Association) agree in terms of following blog posts and industry news. We do newsletters at no cost to people that are reading. We can make those available as well. Stay on top of mailing lists if you are on a client alert that says, “California changed this law.” The next day, you know to reach out, check in, and say, “Does this change anything that we have already been doing?” Our established clients will do that too if I send out a client alert or newsletter saying, “There has been a change in X state. There has been a change on the federal level.” Often, they will say, “Maybe this is a good time to check if what we were doing before still works and we don’t have to change anything.”

You started to talk a little bit about some of the companies you’ve worked with. You don’t have to name them. Can you give an example of a company that you’ve worked with that used your expertise well and got their money’s worth?

I’m going to go with the technology company, even though it’s a little bit more of an enterprise-level company than I typically work with. We do a lot of SaaS and technology work. That one was great because they were transitioning from being primarily a hardware company to a Software-as-a-Service company. You had the cloud subscription element as well as a product subscription element. They were good about assimilating everything that they wanted to do even though the product or the new offering was not yet launched.

What they did was they said, “Here’s where we want to end up. Here’s what we want the customer end journey to look like. Here’s what the goal is in terms of converting the previous subscribers to the new program. How do we get there, keeping in mind that these four things are important to the business to comply with the subscription laws?” That’s someone packaging things up in a very strategic way with a specific outcome and telling me what the business goals are so I can figure out what the best way is to get there.

It’s not so much, “We need legal advice. Please redo our terms.” It’s like, “How can you help us get to the business goal, navigating all of this stuff and distilling it into practical guidance?” When I advise those clients, I’m not saying, “You have to do this because Business Code 16,000 in California says you have to.” It’s like, “Here’s what I would advise practically that you do to navigate and mitigate your risk profile.”

I thought that was an effective use of our counsel without us spending hundreds of hours advising them, even though it was a very big company with probably 150 law firms that they use. They wanted to use us for this niche area because we’re the specialists in that. They don’t need us for employment or general commercial contracting. It’s a specific area, but it’s still highly regulated, especially if you are a bigger company. It has a lot more financial risks associated. When you weigh that against the cost of a couple of hours of counsel’s time, it’s well worth it.

You use the phrase, “Compliance by design.” Is that a good example of that concept?

That’s a great question because it is. Typically, when I say compliance by design, it’s when companies come to me before they have started building their UX. I’ll say, “How do we build compliant features, tools, checkboxes, buttons, shading, and formatting? How do we build that all in from the beginning?” It’s almost like you’re an outside partner to the web dev team in that case. That’s compliance by design. It can be applied to the situation I refer to as well because they’re migrating their model and wanting to implement all of this at that time, but it’s more of a later-stage process. When I think of compliance by design, you’re an architect, and you’re building all of these considerations from the ground up.

It’s a great framework. I was thinking of it in the context of the product but also in the context of getting started building out the strategy and the business plan. This is great. I feel like I’ve learned a ton. I hope that all the audiences have too. I’m hoping to invite you back to dig deeper into a couple of these juicy topics. It’s great talking to you, Paavana. Before you go, can I get you to do a speed round with us?

Let’s do it.

What’s the first subscription you ever had?

Original Netflix with the actual discs.

We had them at the time. Have you ever broken a disc?

I don’t think I did. I was very responsible.

That’s where we differ. What’s the most useful subscription that you use for work?

I like Todoist Premium. I use it for my to-do list.

What’s your favorite piece to perform on the piano?

When I was in college, I minored in piano. I did a senior recital and played Ondine from Gaspard de la nuit by Ravel. I cannot play it now if you asked me after years of practice, but at the time, it was my favorite piece to perform. If I could get it back up to speed, I would love to play it again someday.

That’s beautiful. What’s the most egregious violation of the spirit of subscription law?

I had a potential client, who shall remain nameless, who came to me with a proposed subscription signup flow. There were no disclosures to be seen. What they did was they buried the disclosure right down at the bottom of the page where you would have to scroll down to see it for minutes. It said, “You found the disclosure. What are you doing looking down here?” which is crazy.

There’s an FTC case against Machinima, which is a video game company. They used influencers and told the influencers on YouTube videos not to include disclosures. At the very bottom of the YouTube caption, they had something that said, “No one reads as far into the description. What are you doing snooping around?” Despite the fact that was an FTC action, that company thought it was a good idea to copy it. That’s crazy. Don’t copy the behavior that has been found legal in previous FTC actions. That is a good start.

That seems like a good place to start with your subscription compliance from the sublime to the ridiculous.

I will say one of the great things about the subscription industry is you don’t have to be super technical to break into it. You don’t have to be a coder. You don’t even have to have tons of VC money. You could be an industry disruptor if you just have a great idea. A lot of new companies in this space are valuing its customer experience. That’s great. I would wrap up by saying if you are prioritizing consumer transparency and the customer experience and not hiding the ball, you’re already ahead of the pack. You want to keep on top of what’s changing and evolving going forward.

Thank you so much, Paavana. This was a lot of fun. I hope to get you back on the show soon.

Thank you so much for having me.

That was Paavana Kumar, a subscription compliance expert and partner at the law firm of Davis+Gilbert. For more about Paavana and Davis+Gilbert, go to Also, I have a favor to ask. If you like what you read, please take a minute to go over to Apple Podcasts or Apple iTunes and leave a review. Mention Paavana and this episode if you especially enjoyed it. Reviews are how audiences find our show, and we appreciate each one. Thanks for your support. Thanks for reading.


About Paavana Kumar

Paavana Kumar is a partner at Davis+Gilbert, where she helps major advertisers, retailers, disruptive e-commerce companies and startups assess risk and comply with the shifting landscape of advertising and media law. Clients rely on her counsel as they work to promote innovative products, run high-exposure campaigns and streamline the online customer experience. Paavana works with brands in almost every industry sector including fashion and cosmetics, food and beverage, entertainment streaming, and software.

As subscription programs become more popular, Paavana’s knowledge of the highly regulated automatic renewal and negative option laws in all 50 states, together with her deep understanding of the regulatory focus on “dark patterns,” sets her apart. Clients in this space look to her to draft transparent marketing disclosures and design effective, compliant user flows. She also advises on all types of consumer promotions, including sweepstakes, contests, loyalty rewards and gift cards, cause marketing and donation programs, text message and email marketing, and major entertainment and sports collaborations.

Paavana has a JD from Columbia Law School, where she was a Harlan Fiske Stone Scholar, and a BA from Princeton where she studied Comparative Literature and Piano Performance.

