Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap key enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs, and webinars with more analysis in these areas. We understand that keeping on top of the rapidly evolving regulatory landscape is more important than ever for businesses seeking to offer new and groundbreaking technologies. Please reach out if there are other topics you’d like to see us cover or for any additional information.
Regulatory Announcements
CFPB Issues Spotlight and Consumer Advisory Highlighting Lack of Federal Deposit Insurance Protection for Funds Held with Some Digital Payment Apps. On June 1, the CFPB published an Issue Spotlight highlighting that funds stored on digital payment apps may lack federal deposit insurance if not placed by the app in an account at a bank or credit union. The CFPB also published a Consumer Advisory with recommendations on how consumers may need to handle balances stored in payment apps.
CFPB, FDIC, Federal Reserve, FHFA, NCUA, and Treasury Request Comment on Proposed Rule on Automated Valuation Models. On June 1, the CFPB, the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve System (Federal Reserve), the National Credit Union Administration (NCUA), and the U.S. Department of the Treasury (Treasury) released a Proposed Rule seeking comment on whether to implement quality control standards for automated valuation models used by mortgage originators and secondary market issuers to value real estate collateral in securing loans for mortgages. Comments on the Proposed Rule are due 60 days after publication in the Federal Register.
FTC Files Amicus Brief Arguing that COPPA Preemption of State Laws is Limited. On May 20, the FTC filed an amicus brief in Jones v. Google, LLC, a Ninth Circuit case involving allegations brought under state law. The FTC’s amicus brief argues that the preemption clause in the Children’s Online Privacy Protection Act (COPPA) only applies to state laws that are inconsistent with COPPA. The Ninth Circuit is considering “whether the preemption clause [in COPPA] preempts fully stand-alone state-law causes of action by private citizens that concern data-collection activities that also violate COPPA but are not predicated on a claim under COPPA.”
Recent Enforcement Actions
FTC Settles with Four Individuals Running Alleged Fraudulent Multilevel Marketing Scheme. On May 11, the FTC filed a stipulated order in the U.S. District Court of Arizona against Jay Noland, Lina Noland, Scott Harris, and Thomas Sacca (Defendants) based on allegations that they violated the FTC Act. In 2020, the FTC filed a complaint against the Defendants for alleged unlawful practices involving two separate multilevel marketing schemes, Success by Health and VOZ Travel. The FTC alleged that the Defendants misled consumers by falsely promising financial freedom and misrepresenting their own success and financial stability. The Defendants have agreed to pay $7.3 million and to cease engaging in any future multilevel marketing businesses.
FTC and Utah Attorney General Settle with Real Estate Investment Training Company for Allegedly Misrepresenting its Services. On May 18, the FTC and Utah Attorney General filed a stipulated order in the U.S. District Court of Utah against Response Marketing Group, LLC and its principals for allegedly violating the FTC Act, Telemarketing Sales Rule, and several Utah consumer protection statutes. In the 2019 complaint, the FTC and Utah AG alleged that Response Marketing misled consumers by making false promises in advertising training services, which cost consumers as much as $40,000. The stipulated order permanently bans Response Marketing and its owners from operating this type of business in the future and requires them to pay $15 million.
FTC and DOJ Settle with Education Technology Provider for Allegedly Violating COPPA. On May 22, the FTC and U.S. Department of Justice (DOJ) filed a complaint and proposed order against Edmodo in the U.S. District Court of Northern California for alleged violations of the FTC Act and COPPA. The FTC and DOJ allege that Edmodo collected and retained unnecessary data from students and failed to adequately disclose to teachers or parents the type of data collected from students and the use of the data. Edmundo has agreed to pay a $6 million civil money penalty in addition to injunctive relief and implementing a data retention schedule.
CFPB Settles Improper Credit Card Servicing Allegations with Bank for $9 Million. On May 23, the CFPB filed a stipulated final judgment in the U.S. District Court of Rhode Island against Citizens Bank for allegedly violating the Consumer Financial Protection Act, Truth in Lending Act, and Regulation Z. The CFPB originally sued Citizens Bank in January 2020 alleging that the bank failed to sufficiently investigate reports of fraud and did not take the proper steps to aid consumers who disputed their charges or sought credit counseling. The bank has agreed to pay a $9 million civil money penalty in addition to injunctive relief.
CFPB Settles with Personal Loan Lender for Allegedly Misleading Consumers into Purchasing Additional Products. On May 31, the CFPB filed a consent order against OneMain Financial, a nationwide personal loan installment lender, and its subsidiaries for alleged violations of the Consumer Financial Protection Act. The CFPB alleges that OneMain sold additional products such as identity theft and unemployment coverage without confirming the consumers’ interest in adding such products and failing to fulfill promises to fully refund consumers if they cancelled the additional product within the permitted window. OneMain has agreed to pay $10 million in addition agreeing to injunctive relief.
FTC and DOJ Settle With Amazon for Allegedly Misrepresenting Data Deletion Practices. On May 31, the FTC and U.S. Department of Justice (DOJ) filed a complaint and proposed order against Amazon in the U.S. District Court of Western Washington for alleged violations of the FTC Act and COPPA. The FTC and DOJ allege that the company engaged in deceptive and unfair practices when retaining voice recordings and geolocation data collected via Alexa, including data collected by users under the age of 13. In addition to injunctive relief, the stipulated order requires Amazon to pay $25 million, notify consumers about this settlement and its retention and deletion practices, and establish a privacy program for its geolocation information.
FTC Settles with Surveillance Camera Company for Allegedly Failing to Implement Proper Security Protections. On May 31, the FTC filed a complaint and proposed orders against Ring LLC in the U.S. District Court of District of Columbia for violations of the FTC Act. The FTC alleged that Ring failed to implement proper safeguards against employee and third-party access to customer videos and prevent bad actors from obtaining consumer usernames and passwords. Further, the FTC alleges that Ring used customer videos for training algorithms without sufficient notice to the customers. Ring has agreed to pay $5.8 million and implement a privacy and security program.
FTC Finalizes Settlement with ATV Manufacturer for Alleged Deceptive US-Origin Advertising Claims. On June 2, the FTC finalized its order against motocross and ATV parts maker Cycra and its officer, Chad James, after a 30-day notice and comment period. The settlement resolves allegations that the defendants misled consumers by advertising products manufactured in Asia and Europe as being “Proudly designed, developed and manufactured in Lexington, North Carolina,” in violation of the FTC Act and “Made in USA” Labeling Rule. The FTC’s order requires Cyra and James to pay $872,577 to the FTC, in addition to injunctive relief.
Upcoming Comment Deadlines and Events
CFPB RFI on Data Broker Business Practices. Comments on the CFPB’s Request for Information (RFI) seeking public comments on the business practices of data brokers are due June 13. Specifically, the RFI seeks information about the business models and data collection practices of a range of entities it defines as “data brokers,” including the types of information that they collect, sell, and aggregate; the types of sources that they rely on to collect information; and the types of information that they receive from financial institutions, among other questions.
Comments Deadline for FTC Workshop on “Recyclable” Claims. The FTC hosted a workshop on May 23 titled Talking Trash at the FTC: Recyclable Claims and the Green Guides, covering topics including: the current state of recycling practices and advertisements, consumer perceptions of recycling-related claims, and whether the Green Guides need to be updated or revised to accommodate changes in recycling advertising. Comments related to the issues discussed at the workshop are due June 13.
FTC RFI on Cloud Computing Industry. Comments are due June 21 (extended from May 22) on an FTC Request for Information (RFI) seeking information regarding the business practices of cloud computing providers. The RFI outlines questions on both competition and data security issues in the cloud computing industry. The RFI also notes that FTC staff is interested in cloud computing with regards to specific industries, including healthcare, finance, transportation, e-commerce, and defense.
FTC Seeking Comment on Negative Option Rule NPRM. Comments are due June 23 on the FTC’s Negative Option Rule NPRM. Negative option marketing refers to commercial transactions where sellers interpret a customer’s inaction to either reject or cancel an agreement as an acceptance of a product or service. The FTC’s current Negative Option Rule requires certain prenotification plan sellers to disclose their plan’s material terms clearly and conspicuously before consumers subscribe. Prenotification plans are those that provide periodic notices offering goods to participating consumers and subsequently send and charge for those goods if consumers take no action to decline the offers. The NPRM proposes to expand the Negative Option Rule to all forms of negative option marketing, including continuity plans, automatic renewals, and free trials in all media (e.g., telephone, Internet, traditional print media, and in-person transactions). The NPRM also would make a number of changes to the Negative Option Rule, including requiring negative option plan sellers to provide a one-click opt-out mechanism for current subscription customers; adding opt-in requirements for negative option plan sellers seeking to make new offers to customers; and implementing a requirement that negative option plan sellers must, on an annual basis, remind customers enrolled in subscription services involving anything other than physical goods about the current subscription before it is renewed.
FTC to Host Workshop on Proposed Changes to the Funeral Rule. On September 7, the FTC will host a public workshop on the changes to its Funeral Rule proposed in its Advance Notice of Proposed Rulemaking. The workshop will cover a number of topics including, among other things, online or electronic disclosures of price information, the general price list required by the Funeral Rule, and whether funeral providers should be required to give out general price lists in languages other than English. The public can submit comments on the topics to be covered in the workshop until October 10. Instructions for filing comments will be published in the Federal Register.
More Analysis from Wiley
Wiley Wins Four Law360 ‘Practice Group of the Year’ Awards for 2022
FTC Issues Policy Statement on Biometric Information, Signaling a New Enforcement Priority
FTC Joins the Cloud Security Discussion
5 Takeaways From Recent CFPB, FTC Equal Credit Push
State Privacy Update: California Finalizes New CCPA Regulations and Iowa Becomes the Sixth State to Adopt Comprehensive Privacy Legislation
State Privacy Update: A New Omnibus Privacy Law Passes in Iowa, Colorado Finalizes Privacy Rules
NTIA Seeks Comment on AI Accountability
Podcast: AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Generative AI Policies: Five Key Considerations for Companies to Weigh Before Using Generative AI Tools
Podcast: The FTC Safeguards Rule: A Deep Dive into the Revisions Effective June 9, 2023
FTC Proposes New Rule to Broadly Ban Non-Compete Agreements
FTC Requests Comment on Potential Revisions to Green Guides
Webinar: Staying Ahead of State Privacy Laws: Tips and Best Practices for Building Compliant Strategies for Five Key States
Podcast: State Privacy Laws and Federal Government Contractors
California Moves Closer to Finalizing Updated CCPA Regulations and Launching a New Rulemaking for Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking
CISA Seeks Comments on New Security Attestation for Software Procurements
NIST Releases AI Risk Management Framework, Expected to Be a Critical Tool for Trustworthy AI Deployment
New York Law Will Regulate Consumer Device Repair Options: What the Digital Fair Repair Act Means for the Consumer Electronics Industry
California Age-Appropriate Design Code Act to Impose Significant New Requirements on Businesses Providing Online Services, Products, or Features
An Introduction to the California Age-Appropriate Design Code
West Virginia v. EPA and the Future of Tech Regulation
Cyber Spotlight: Wiley Tackles White House’s National Cybersecurity Strategy and Other Developments
Webinar: Transactional Due Diligence Related to Privacy and Cybersecurity
Webinar: FTC’s Revised Safeguards Rule: How to Navigate New Information Security Requirements
Duane Pozza Named a Cryptocurrency and Fintech ‘Trailblazer’ by The National Law Journal
U.S. State Privacy Law Guide
Legal 500 US Recognizes Wiley’s Telecom, Media & Technology Practice as Tier 1. Read more here.
[View source.]