Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap key enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs, and webinars with more analysis in these areas. We understand that keeping on top of the rapidly evolving regulatory landscape is more important than ever for businesses seeking to offer new and groundbreaking technologies. Please reach out if there are other topics you’d like to see us cover or for any additional information.
To subscribe to this newsletter, click here.
Regulatory Announcements
CFPB Director Chopra Testifies Before U.S. Senate and House Committees Regarding Semiannual Report to Congress. On June 13 and June 14, CFPB Director Rohit Chopra testified before the U.S. Senate Committee on Banking, Housing and Urban Affairs (testimony available here) and the U.S. House Financial Services Committee regarding the CFPB’s Semiannual Report to Congress (testimony available here). During his testimony, Director Chopra stated that “the CFPB continues to deliver tangible results for the public today, ensuring that consumers are protected, while also preparing for the future as tech giants and artificial intelligence reshape the industry.” His testimony focused on rising household consumer debt, ongoing rulemaking proceedings, supervision of nonbank financial firms, and a shift in the CFPB’s enforcement focus from small businesses to “repeat offenders.” Questions from legislators touched on a number of topics, including the CFPB’s Notice of Proposed Rulemaking (NPRM) on credit card late fees, or “junk fees”; the regulation of artificial intelligence (AI); the recent data breach that occurred at the CFPB; and the CFPB’s regulation of peer-to-peer payment applications.
FTC Provides Annual Report to CFPB on Financial Activities. On June 7, the FTC provided its annual report to the CFPB on its enforcement and related activities in 2022 on the Truth in Lending Act (TILA), Consumer Leasing Act (CLA), and Electronic Fund Transfer Act (EFTA). The report highlights the FTC’s enforcement actions in a number of industries, including automobile purchase and financing, payday lending, credit repair and debt relief, and other credit products. The report further discusses the FTC’s current rulemakings underway, including a Proposed Rule regarding auto-related practices, and an Advance Notice of Proposed Rulemaking addressing what the FTC characterizes as “junk fees.”
FTC Issues RFI on Consumer Protection and Law Enforcement Collaboration with State Attorneys General. On June 7, the FTC issued a Request for Information (RFI) seeking comments on how it can work more effectively with state attorneys general on consumer protection and enforcement initiatives. The RFI comes at the direction of the FTC Collaboration Act of 2021, which was signed into law last year. The FTC Collaboration Act of 2021 requires the agency to conduct a study on “facilitating and refining existing efforts with State Attorneys General to prevent, publicize, and penalize frauds and scams being perpetrated on individuals in the United States.” The legislation also requires the FTC to consult directly with interested stakeholders on the study. Comments on the RFI are due August 14.
CFPB Issue Spotlight Analyzing AI Chatbot Performance in Banking. On June 6, the CFPB released an issue spotlight on the adoption of chatbots by financial institutions, including chatbots that utilize AI to generate responses to customers. According to the issue spotlight, the CFPB has received “numerous complaints” from customers trying to receive answers from financial institutions, or raise a dispute or concern. The CFPB notes that “[f]inancial products and services can be complex, and the information being sought by people shopping for or using those products and services may not be easily retrievable or effectively reduced to an FAQ response.” The issue spotlight states that the use of chatbots raises several risks, including noncompliance with federal consumer financial protection laws, diminished customer service and trust, and harm to consumers.
FTC Data Spotlight Shows That Bank Impersonation is the Most-Reported Type of Text Message Scam. On June 8, the FTC released a data spotlight ranking the top five types of text message scams reported in 2022. According to the FTC data spotlight, consumers reported losing $330 million to text message scams in 2022, which is more than double what was reported in 2021. The FTC’s analysis examined a random sample of 1,000 text messages reported to the agency, finding that fake bank security messages, often from the largest banks, were the most common type of scam. Other common types of impersonation scams included messages claiming to offer a free gift, often from a cell phone carrier or retailer; fake claims of package delivery issues; fabricated job offers for things like mystery shopping and car wrapping; and other fake account security alerts.
Recent Enforcement Actions
FTC Settles With PPP Marketer Charged with Falsely Promising Quick Delivery of Facemasks. On May 15, the U.S. District Court District Court for the Middle District of Florida issued a final judgment and order against Frank Romero (d/b/a Trend Deploy) for violation the Mail Order Rule, the FTC Act, and the COVID-19 Consumer Protection Act. The FTC filed a complaint against Romero in June 2021 for allegedly failing to notify consumers of delayed shipments, failing to offer cancellations and refunds as required by the FTC’s Mail Order Rule, and failing to honor refund requests so that consumers can buy offered products elsewhere. The court granted the FTC’s Motion for Summary Judgment and is ordering Romero to cease selling protective goods and services and pay two monetary judgments totaling $992,000.
FTC Sues Real Estate Investment Companies for Allegedly Misrepresenting Investment Opportunities to Consumers. On June 5, the FTC filed a complaint in the U.S. District Court for the Middle District of Florida against Ganadores Online, Ganadores Inversiones Bienes Raíces, and their owners (Defendants), for allegedly violating the FTC Act, Business Opportunities Rule, and Cooling Off Rule. The FTC alleges that the Defendants misled consumers by falsely promising that attendance at the Defendants’ costly three-day workshop would guarantee success in starting an online business or investing in real estate, failing to deliver the mentorship and lucrative investment opportunities promised, and not translating all disclaimers into Spanish for consumers who did not speak English. The FTC further alleges that consumers were denied refunds when the Defendants’ services failed to deliver the financial returns promised. On June 7, the district court has granted the FTC’s motion for a temporary restraining order against the Defendants, freezing their assets. The FTC is requesting a permanent injunction against the Defendants and monetary relief for harmed consumers.
FTC and DOJ Settle Alleged COPPA Violations on Video Game Platform. On June 5, the FTC and U.S. Department of Justice (DOJ) filed a complaint and stipulated order against Microsoft Corp. in the U.S. District Court for the Western District of Washington for alleged violations of the FTC Act and Children’s Online Privacy Protection Act (COPPA). The FTC and DOJ allege that Microsoft collected and retained unnecessary data from consumers under thirteen years of age on its Xbox Live online platform, and failed to adequately disclose to parents the type of data collected and how the collected data was used by third parties. The company has agreed to pay a $20 million civil money penalty in addition to implementing a data deletion system, updating parents about how to protect their child’s data, and informing video game publishers when disclosing children’s data.
CFPB Settles with Third-Party Debt Collector for Alleged Use of Deceptive Debt Collection Practices. On June 8, the CFPB filed a consent order and stipulation against Phoenix Financial Services, an Indiana-based third-party debt collector, for allegedly violating the Fair Credit Reporting Act and Fair Debt Collection Services Act. The CFPB alleged that Phoenix Financial continued to send collection notices to consumers who disputed a debt collection claim and potentially sent incorrect debt information to consumer reporting companies. Phoenix Financial has agreed to pay $1.67 million in addition to injunctive relief.
Upcoming Comment Deadlines and Events
FTC RFI on Cloud Computing Industry. Comments are due June 21 (extended from May 22) on an FTC RFI seeking information regarding the business practices of cloud computing providers. The RFI outlines questions on both competition and data security issues in the cloud computing industry. The RFI also notes that FTC staff is interested in cloud computing with regards to specific industries, including healthcare, finance, transportation, e-commerce, and defense.
FTC Seeking Comment on Negative Option Rule NPRM. Comments are due June 23 on the FTC’s Negative Option Rule NPRM. Negative option marketing refers to commercial transactions where sellers interpret a customer’s inaction to either reject or cancel an agreement as an acceptance of a product or service. The FTC’s current Negative Option Rule requires certain prenotification plan sellers to disclose their plan’s material terms clearly and conspicuously before consumers subscribe. Prenotification plans are those that provide periodic notices offering goods to participating consumers and subsequently send and charge for those goods if consumers take no action to decline the offers. The NPRM proposes to expand the Negative Option Rule to all forms of negative option marketing, including continuity plans, automatic renewals, and free trials in all media (e.g., telephone, Internet, traditional print media, and in-person transactions). The NPRM also would make a number of changes to the Negative Option Rule, including requiring negative option plan sellers to provide a one-click opt-out mechanism for current subscription customers; adding opt-in requirements for negative option plan sellers seeking to make new offers to customers; and implementing a requirement that negative option plan sellers must, on an annual basis, remind customers enrolled in subscription services involving anything other than physical goods about the current subscription before it is renewed.
FTC Seeking Comment on Revisions to Health Breach Notification Rule. Comments are due August 8 on the FTC’s Notice of Proposed Rulemaking to Amend the Health Breach Notification Rule (HBNR NPRM). The HBNR NPRM proposes to update the HBNR to clarify the rule’s coverage of mental health apps and other technologies that collect location and browsing history data. The HBNR NPRM also proposes to clarify, among other things, that the definition of “breach of security” under the rule includes an unauthorized acquisition of identifiable health information that occurs as a result of a data security breach or an unauthorized disclosure, and therefore it would not limit reportable incidents to “cybersecurity intrusions or nefarious behavior.”
FTC to Host Workshop on Proposed Changes to the Funeral Rule. On September 7, the FTC will host a public workshop on the changes to its Funeral Rule proposed in its Advance Notice of Proposed Rulemaking. The workshop will cover a number of topics including, among other things, online or electronic disclosures of price information, the general price list required by the Funeral Rule, and whether funeral providers should be required to give out general price lists in languages other than English. The public can submit comments on the topics to be covered in the workshop until October 10. Instructions for filing comments will be published in the Federal Register.
More Analysis from Wiley
Wiley Wins Four Law360 ‘Practice Group of the Year’ Awards for 2022
Podcast: The FTC Safeguards Rule: A Deep Dive into the Revisions Effective June 9, 2023
Webinar: How to Keep Up with the Influx of New State Privacy Laws and Regulations
Podcast: What could AI regulation in the US look like?
FCC Launches Privacy and Data Protection Task Force
A New White House Project on Responsible AI Sends a Message to the Private Sector, Including Contractors
FTC Issues Policy Statement on Biometric Information, Signaling a New Enforcement Priority
FTC Joins the Cloud Security Discussion
5 Takeaways From Recent CFPB, FTC Equal Credit Push
Podcast: AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Generative AI Policies: Five Key Considerations for Companies to Weigh Before Using Generative AI Tools
State Privacy Update: California Finalizes New CCPA Regulations and Iowa Becomes the Sixth State to Adopt Comprehensive Privacy Legislation
State Privacy Update: A New Omnibus Privacy Law Passes in Iowa, Colorado Finalizes Privacy Rules
NTIA Seeks Comment on AI Accountability
FTC Proposes New Rule to Broadly Ban Non-Compete Agreements
FTC Requests Comment on Potential Revisions to Green Guides
Webinar: Staying Ahead of State Privacy Laws: Tips and Best Practices for Building Compliant Strategies for Five Key States
Five New States Advance Privacy Laws in May 2023
Podcast: State Privacy Laws and Federal Government Contractors
California Moves Closer to Finalizing Updated CCPA Regulations and Launching a New Rulemaking for Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking
CISA Seeks Comments on New Security Attestation for Software Procurements
New York Law Will Regulate Consumer Device Repair Options: What the Digital Fair Repair Act Means for the Consumer Electronics Industry
California Age-Appropriate Design Code Act to Impose Significant New Requirements on Businesses Providing Online Services, Products, or Features
An Introduction to the California Age-Appropriate Design Code
Webinar: Transactional Due Diligence Related to Privacy and Cybersecurity
Webinar: FTC’s Revised Safeguards Rule: How to Navigate New Information Security Requirements
Duane Pozza Named a Cryptocurrency and Fintech ‘Trailblazer’ by The National Law Journal
U.S. State Privacy Law Guide
Legal 500 US Recognizes Wiley’s Telecom, Media & Technology Practice as Tier 1. Read more here.
[View source.]
