Online deliveries of wine and other adult beverages soared during the pandemic and have continued to be popular.
But there’s a dark side to this market: some of these online wine delivery companies are breaking consumer protection laws. And this problem has not received the media attention it deserves.
Let’s see what’s going on.
In October 2022 the Federal Trade Commission (FTC) took legal action against online alcohol marketplace Drizly and its CEO over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers.
Drizly, now owned by Uber, collects and stores a wide range of personal information from consumers, including emails, geolocation information, personal information pulled from customer computers and mobile devices, and data purchased from third parties, such as income level and home value.
According to the FTC, Drizly and the CEO were alerted to problems with the company’s data security procedures following a hacking incident but failed to address them while publicly claiming to have appropriate security measures in place.
This led to the second cyberattack.
The FTC alleges that the inadequate security measures constituted an unfair and deceptive act or practice in violation of the FTC Act. The agency’s proposed order requires Drizly and its CEO to, among other things, destroy unnecessary data, limit future data collection, and implement an information security program.
That same month, online retailer Naked Wines agreed to pay $650,000 to settle a consumer protection lawsuit brought by several California counties claiming that the company violated California’s law requiring it to spell out recurring monthly charges and allow consumers to easily cancel subscriptions.
Both enforcement actions, against two of the biggest players in the online wine delivery industry, outlined steps that affected consumers should take to mitigate harm. For instance, the FTC issued a related consumer alert about Drizly’s data breach recommending that people take action to prevent identity theft. The Naked Wines settlement entitles consumers to request refunds.
But these steps don’t help much if we don’t know that we should be taking them.
And more fundamentally, can we still trust these companies – or anyone in the online wine delivery industry? Granted, this industry is no different from any other industry. But two announcements about online wine delivery companies breaking consumer protection laws in one month?
Note that just weeks after the FTC’s action, Drizly announced that it’s rebranding itself, expanding from merely an on-demand delivery company into one offering a “tailored shopping experience” to “help people savor life’s moments.” Okay, but is this why the company was compiling personal information such as income level and home ownership? And is this the data Drizly gets to keep or must destroy? We just don’t know.
I have no personal issue with any company in the online wine delivery industry, and am a big fan of online wine delivery. We buy most of our wine online.
But I am suddenly much more leery about whether companies, including online wine delivery companies, are breaking consumer protection laws. I’m going to be more cautious. I suggest that you be, too.
We hope that you find the news that some online wine delivery companies are breaking consumer protection laws an eye-opener. I know I did.
What do you think of these revelations? How do you protect yourself when shopping online? Send us a message at firstname.lastname@example.org. Always feel free to reach out to us with any questions or feedback.