In the latest data-pass news, a federal judge denied a motion to dismiss several counts in a class action against security software company McAfee. The suit alleges that McAfee transferred consumers’ credit card information immediately after they purchased software but before they downloaded it. Pop-up ads would appear from a third party with a “Try It Now” button that, when clicked by consumers, would enroll them in a monthly program.

The plaintiffs claim they believed they needed to click on the button to download their software and that McAfee received a fee for each customer who subscribed to the services of Arpu, Inc. via the ad on McAfee’s site. The complaint alleges that the plaintiffs only later learned they were enrolled in a monthly program with Arpu, costing $4.95 per month, and that McAfee transferred their confidential billing information without adequately disclosing what they were signing up for.

U.S. District Court Judge Lucy H. Koh said the plaintiffs could sue under California’s unfair business practices statute even though they could not claim any actual damages. Because the plaintiffs sought disgorgement of profits and restitution from McAfee based on the company’s business practices, their claims satisfied the state law, she said.

Discussing the plaintiffs’ allegations, the judge said there were several facets of the pop-up ad that could deceive a “significant portion of the public” into believing that the ad was affiliated with McAfee. The sequential placement of the ad, the fact that Arpu’s name appears nowhere on the pop-up, and the fact that the only reference to a third party appears in fine print makes it “difficult not to view the ad as an attempt to conceal [the] source and to pass off both the ad and the product as McAfee’s own,” the judge said.

Judge Koh also noted differences that could have tipped consumers off, adding that the plaintiffs were “unable to allege with any precision McAfee’s role in or responsibility for the content of the pop-up ad.” Although the court allowed the plaintiffs’ state law claims to continue, it dismissed claims under the Lanham Act, determining that the allegedly deceptive elements of the pop-up ad were not sufficient to establish a likelihood of injury by direct diversion of sales or a lessening of goodwill.

To read the complaint in Ferrington v. McAfee, click here.

To read the motion to dismiss in Ferrington v. McAfee, click here.

Why it matters: The suit is the most recent headline about data-pass marketing lately, following Senator Jay Rockefeller’s (D-W.Va.) proposed legislation, the Restore Online Shoppers’ Confidence Act, which would establish prohibitions and restrictions for all online post-transaction offers and limit the use of “negative option” sales. In addition, the three major post-transaction companies – Affinion, Vertrue, and Webloyalty – changed their practices earlier this year to require consumers to re-enter their credit card information to enroll in their discount clubs. The companies and their online retail partners have also faced scrutiny from state attorneys general; Webloyalty and Affinion and various partners both recently reached multi-million dollar settlements with the state of New York.