Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap key enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs, and webinars with more analysis in these areas. We understand that keeping on top of the rapidly evolving regulatory landscape is more important than ever for businesses seeking to offer new and groundbreaking technologies. Please reach out if there are other topics you’d like to see us cover or for any additional information.
Regulatory Announcements
FTC Proposes Changes to Negative Option Rule to Expand Cancellation Option Requirements for Subscription Plans. On March 23, the FTC released a Notice of Proposed Rulemaking (NPRM) seeking comment on proposed revisions to the FTC’s Negative Option Rule. Negative option marketing refers to commercial transactions where sellers interpret a customer’s inaction to either reject or cancel an agreement as an acceptance of a product or service. The FTC’s current Negative Option Rule requires certain prenotification plan sellers to disclose their plan’s material terms clearly and conspicuously before consumers subscribe. Prenotification plans are those that provide periodic notices offering goods to participating consumers and subsequently send and charge for those goods if consumers take no action to decline the offers. The NPRM proposes to expand the Negative Option Rule to all forms of negative option marketing, including continuity plans, automatic renewals, and free trials in all media (e.g., telephone, Internet, traditional print media, and in-person transactions). The NPRM also would make a number of changes to the Negative Option Rule, including requiring negative option plan sellers to provide a one-click opt-out mechanism for current subscription customers; adding opt-in requirements for negative option plan sellers seeking to make new offers to customers; and implementing a requirement that negative option plan sellers must, on an annual basis, remind customers enrolled in subscription services involving anything other than physical goods about the current subscription before it is renewed. Comments on the NPRM are due 60 days after publication in the Federal Register.
The FTC voted 3-1 to issue the NPRM, with Commissioner Wilson dissenting and issuing a statement, arguing that the NPRM broadens the scope of the Negative Option Rule to sweep in “far more conduct than previously anticipated” by the comments that the agency received in the previous Advance Notice of Proposed Rulemaking, which was issued in 2019. Chair Khan and Commissioners Slaughter and Bedoya issued a separate statement arguing that the NPRM would provide “clarity across industries about sellers’ obligations when engaging in negative option marketing.”
FTC Releases RFI on Cloud Computing Industry. On March 22, the FTC released a Request for Information (RFI) seeking information regarding the business practices of cloud computing providers. The RFI outlines questions on both competition and data security issues in the cloud computing industry. The RFI also notes that FTC staff is interested in cloud computing with regards to specific industries, including healthcare, finance, transportation, e-commerce, and defense. Comments on the RFI are due May 22, 2023.
FTC to Hold Informal Hearing on Its Impersonation Fraud Rulemaking. On March 22, the FTC announced that it will hold an informal hearing on its proposed rule prohibiting government and business impersonation fraud on May 4, 2023. According to the Federal Register Notice, there are “no ‘disputed issues of material fact’ to resolve at the informal hearing” and accordingly, “the presiding officer of the hearing will make no recommended decision.” However, parties may submit written statement in advance, or make oral statements at the hearing. Parties wishing to make a statement at the formal hearing must make a request by April 14, 2023, and any written submissions are also due on that date.
FTC Issues Final Rule Establishing the Budget Approval Process for HISA. On March 22, the FTC made updates to its Rules of Practice to establish a process by which the Horseracing Integrity and Safety Authority (HISA) can submit its budget to the FTC for review and approval. HISA was established following the implementation of the Horseracing Integrity and Safety Act, and was amended by the Consolidated Appropriations Act of 2023 after the Fifth Circuit held the Act unconstitutional in National Horsemen’s Benevolent & Protective Ass’n v. Black. The FTC voted 3-0-1 to issue the Final Rule, with Commissioner Wilson not voting.
CFPB Issues Compliance Bulletin on Servicer Treatment of Private Student Loans Following Bankruptcy Discharge. On March 16, the CFPB released a Compliance Bulletin and Policy Guidance (Compliance Bulletin) regarding servicer treatment of private student loan borrowers whose loans were discharged following a bankruptcy. The Bulletin advises that “[s]tudent loans that are not ‘qualified education loans’ . . . are discharged under standard bankruptcy discharge orders.” The Bulletin notes, however, that “[i]n recent supervisory work, CFPB examiners identified servicers that did not determine whether education loans were qualified or non-qualified.” As a result, servicers returned private student loans that were discharged through bankruptcy to repayment and continued to bill and collect payments from borrowers. The Bulletin states that this conduct violates the Consumer Financial Protection Act (CFPA). The Bulletin further notes that the CFPB “will pay particular attention to servicers’ practices in connection with student loans that are the subject of bankruptcy discharge orders, including whether discharged debts are being collected contrary to bankruptcy court orders.”
FTC Holds March 2023 Open Commission Meeting. On March 16, the FTC held its monthly virtual Open Commission Meeting. During the meeting, the FTC voted to issue two sets of Section 6(b) Orders to (1) social media and video streaming platforms; and (2) business credit reporting agencies, respectively. The first set of 6(b) Orders ask how the social media and video streaming platforms monitor and review deceptive advertising. The orders were sent to eight social media and video streaming platforms.
The second set of 6(b) Orders were sent to five small business credit reporting agencies, asking about how they collect and report data about small businesses, and how they market their business credit reporting products.
At the conclusion of the March Open Meeting, Chair Khan noted that Commissioner Christine Wilson would be leaving the FTC on March 31, as Commissioner Wilson had previously announced.
CFPB Releases RFI on Data Broker Business Practices. On March 15, the CFPB released an RFI seeking public comments on the business practices of data brokers. Specifically, the RFI seeks information about the business models and data collection practices of a range of entities it defines as “data brokers,” including the types of information that they collect, sell, and aggregate; the types of sources that they rely on to collect information; and the types of information that they receive from financial institutions, among other questions. Comments on the RFI are due June 13, 2023.
FTC Submits FY 2024 Budget Request to Congress. On March 13, the FTC submitted its Fiscal Year (FY) 2024 Budget Request to Congress. In the Budget Request, the agency is asking for $590 million for FY 2024 and 1,690 full-time equivalent (FTE) positions. This represents an increase of $160 million from FY 2023, and 310 additional FTE positions. The FY 2024 Budget Request submission also includes the Performance Plan for FY 2023 and FY 2024 and Performance Report for FY 2022. The report’s three strategic goals are to: (1) protect the public from unfair or deceptive acts or practices in the marketplace; (2) protect the public from unfair methods of competition in the marketplace and promote fair competition; and (3) advance the FTC’s effectiveness and performance.
Recent Enforcement Actions
FTC Finalizes Settlement with Epic Games for Alleged Child Online Privacy Violations and Deceptive Billing Practices. On March 14, the FTC finalized its order against video game manufacturer, Epic Games, after a 30-day notice and comment period. The settlement resolves allegations that Epic failed to comply with Children’s Online Privacy Protection Act’s rules for parental notice, consent, review, and data deletion requirements, and further caused children harm by configuring default settings to pair children and teens with adult strangers in interactive gameplay. The FTC’s order requires Epic to pay $245 million to the FTC and to require affirmative consent from users before charging consumers.
FTC Approves Order Against LasikPlus for Allegedly Deceptive Price Advertising. On March 15, the FTC finalized its order against LasikPlus and Joffe MediCenter after a 30-day notice and comment period. The FTC brought its complaint against LasikPlus in January 2023 for allegedly advertising services for a lower price than consumers were actually charged, failing to make clear to consumers that the advertised cost was “per eye” and that only certain consumers were eligible for the discounted pricing being advertised in violation of the FTC Act. The Defendants have agreed to pay a $1.25 million civil money penalty as part of the consumer order.
FTC Settles with Glass Container Company for Enforcing Allegedly Unfair Noncomplete Clauses. On March 15, the FTC issued a complaint and consent order against Anchor Glass Container Corp, and its owners, Lynx Finance GP, LLC and Lynx Finance L.P. The FTC alleges that Anchor engaged in unfair methods of competition in violation of Section 5 of the FTC Act, by limiting the ability of ex-employees to find new employment after entering into noncompete clauses that included a one-year ban on any employment by similar manufacturers and from selling products to any Anchor customer or prospective customer. The stipulated order prohibits Anchor from enforcing or threatening to enforce noncompete clauses against employees. Additionally, as part of the stipulated order, Anchor must conspicuously display notices, for at least 10 years, to new employees that they are not subject to any noncompete clauses. This consent package was approved by the Commission 3-1, with Commissioner Wilson dissenting and issuing a statement criticizing the case for purportedly failing “to provide facts to support the hypothesized outcome” that the use of non-compete agreements “has a tendency to harm competition and workers.” On March 21, The FTC published the consent order in the Federal Register for a 30-day comment period.
FTC Settles with Medical Clinic for Alleged Violations of the Opioid Addiction Recovery Fraud Prevention Act. On March 16, the FTC and DOJ filed a complaint and proposed order in the Eastern District Court of Tennessee against Dr. Dalal A. Akoury and her medical center, AWAREmed Health & Wellness Resource Center, alleging violations of the FTC Act and Opioid Addiction Recovery Fraud Prevention Act (OARFPA). The complaint alleges that the defendants advertised treatment success without the necessary scientific evidence to support claims of effective treatments for cancer, chronic diseases, and addictions. The proposed order requires the defendants to pay a $100,000 civil money penalty in addition to injunctive relief.
FTC Sues Multiple Companies and Individuals for Allegedly Violating the Telemarketing Sales Rule in Sales of Auto Warranties. On March 23, FTC filed a stipulated order in the Southern District Court of Florida against five defendants that allegedly participated in a telemarketing operation to deceptively sell automobile warranties in violation of the FTC Act and Telemarketing Sales Rule. Defendants include American Vehicle Protection Corporation; CG3 Solutions, Inc.; Tony Gonzalez Consulting Group, and its owners, Tony Allen Gonzalez and Charles Gonzalez; Kole Consulting Group, Inc., and its owner and manager, Daniel Kole (collectively, “Defendants”). The FTC filed its original complaint against the Defendants in February 2022 alleging that the Defendants illegally called consumers, many of whom were on the Do Not Call Registry; deceived consumers by misrepresenting that calls were made on behalf of the consumers’ vehicle manufacturer; and made false claims about the applicability of “extended auto warranty” programs. The FTC has settled with American Vehicle Protection Corporation; CG3 Solutions, Inc.; Tony Gonzalez Consulting Group, and its owners, Tony Allen Gonzalez and Charles Gonzalez for a total of $6.6 million and permanent injunctions banning those defendants from operating in the automobile warranty industry. The case with the remaining defendants is still ongoing.
CFPB Settles with Nationwide Debt Collector for $24 Million. On March 23, the CFPB filed a complaint and stipulated order in the Eastern District Court of Virginia against Portfolio Recovery Associates for alleged violations of the CFPA and Fair Credit Reporting Act. The CFPB alleges that Portfolio misrepresented debt information to consumers and improperly threatened legal action against consumers for debt outside the statute of limitations or without providing documentation of the debt. In 2015, the CFPB brought similar allegations against Portfolio and issued an order for injunctive and monetary relief. The CFPB's consent order requires Portfolio to pay a $12 million civil penalty and $12.18 million in redress, in addition to including a permanent injunction.
Upcoming Comment Deadlines and Events
CFPB Proposes Rule to Establish Registry of Nonbank Terms or Conditions That Claim to Waive or Limit Consumer Rights. Comments are due March 31, 2023 on the CFPB’s Proposed Regulation to establish a public registry of nonbank financial institutions’ terms or conditions that purport to waive or limit consumer rights or protections, such as “bankruptcy rights, liability amounts, or complaint rights.” Specifically, the Proposed Rule would require nonbanks that are subject to the CFPB’s supervisory authority to submit information on terms and conditions in form contracts they use.
CFPB Proposes to Create Registry of Nonbank Financial Institutions Subject to Federal, State, or Local Agency or Court Orders. Comments are due March 31, 2023 on the CFPB’s Proposed Rule regarding whether the agency should require nonbank financial firms to register with the CFPB when they become subject to local, state, or federal consumer financial protection agency or court orders. The Proposed Rule further seeks comment on whether it should publish the registry online. The Proposed Rule would require nonbank financial institutions to report final agency and court orders and judgments under federal or state consumer financial protection laws regarding unfair, deceptive, or abusive acts or practices. Additionally, larger nonbanks supervised by the CFPB would be required to designate a senior executive to submit an annual written certification affirming the steps taken to oversee activities subject to such an order and whether the executive knows of any instances of noncompliance or violations.
FTC Issues NPRM Proposing to Broadly Ban Employee Non-Compete Clauses. Comments are due April 19, 2023 (extended from March 20, 2023) on the FTC’s NPRM that proposes to ban employers from imposing and enforcing employee non-compete clauses in contracts (we summarized the NPRM here). The NPRM specifically seeks comment on prohibiting an employer from: (1) either entering into or attempting to enter into a non-compete agreement with an employee; (2) maintaining a non-compete agreement with an employee; and (3) representing to an employee that they are subject to a non-compete clause without a good faith basis to believe that the employee is subject to an enforceable non-compete clause.
FTC Requests Comment on Regulatory Review of the Green Guides. Comments are due April 24, 2023 (extended from February 21, 2023) on the FTC’s Request for Comment to commence a regulatory review of the Guides for the Use of Environmental Marketing Claims (Green Guides). The Request for Comment (which we summarized here) asks, among other things: (1) whether the Green Guides should provide additional guidance on claims related to carbon offsets and climate change; (2) whether guidance on the term “recyclable” should be revised; (3) whether the term “recycled content” and claims about recycled content are widely understood by consumers; and (4) whether there is need for additional guidance in the Green Guides regarding “biodegradable,” “compostable,” “ozone-friendly,” and “sustainable” product claims, or guidance on additional kinds of environmental claims. The Request for Comment also asks whether any aspect of the Green Guides should be codified as a rule.
FTC to Host a Workshop on “Recyclable” Claims. The FTC will host a workshop on May 23, 2023 titled Talking Trash at the FTC: Recyclable Claims and the Green Guides. The workshop is part of its recently announced regulatory review of the Green Guides. The half-day hybrid event will cover topics including: the current state of recycling practices and advertisements, consumer perceptions of recycling-related claims, and whether the Green Guides need to be updated or revised to accommodate changes in recycling advertising. Comments related to the issues discussed at the workshop are due June 13, 2023.
More Analysis from Wiley
Wiley Wins Four Law360 ‘Practice Group of the Year’ Awards for 2022
5 Takeaways From Recent CFPB, FTC Equal Credit Push
FTC Proposes New Rule to Broadly Ban Non-Compete Agreements
FTC Requests Comment on Potential Revisions to Green Guides
At CES, FTC Commissioner Slaughter Discusses Agency Priorities and Tech Innovation
State Privacy Update: A New Omnibus Privacy Law Passes in Iowa, Colorado Finalizes Privacy Rules
Webinar: Staying Ahead of State Privacy Laws: Tips and Best Practices for Building Compliant Strategies for Five Key States
California Moves Closer to Finalizing Updated CCPA Regulations and Launching a New Rulemaking for Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking
NIST Releases AI Risk Management Framework, Expected to Be a Critical Tool for Trustworthy AI Deployment
New York Law Will Regulate Consumer Device Repair Options: What the Digital Fair Repair Act Means for the Consumer Electronics Industry
New Year, New State Privacy Laws: California and Virginia Laws Are Now Effective and More Requirements Are on Tap in 2023
FTC and DOJ File Complaint Against “Web of VoIP Service Providers” for Allegedly Making Illegal Robocalls Using Ringless Voicemails
PrivacyCon Illustrates the FTC’s Focus on AI and Automated Decision Making Systems
FTC’s PrivacyCon Highlights Risks and Opportunities For Children’s Privacy
PrivacyCon 2022: FTC Hears from Researchers on Wide Range of Topics, Many of Which Overlap With Its Ongoing Privacy and Security Efforts
FTC Pushing Ahead Toward Major Privacy Regulation
FTC Hosts Event to Examine Children’s Advertising in Digital Media
New Congressional Report Raises Possibility of False Claims Act Scrutiny for Fintech Companies Involved In PPP Loans
The Future of Web3 Depends on Careful Regulatory Approaches
California Age-Appropriate Design Code Act to Impose Significant New Requirements on Businesses Providing Online Services, Products, or Features
An Introduction to the California Age-Appropriate Design Code
West Virginia v. EPA and the Future of Tech Regulation
U.S. State Privacy Law Guide
Cyber Spotlight: Wiley Tackles White House’s National Cybersecurity Strategy and Other Developments
FCC Adopts Sixth Report and Order Expanding Robocall Obligations for Broad Universe of Providers
Time Is Ticking For Callers To Address Complex TCPA Rules
Enter Stage Right – a New Cyber Regulator Steps into the Spotlight
Webinar: Transactional Due Diligence Related to Privacy and Cybersecurity
Webinar: FTC’s Revised Safeguards Rule: How to Navigate New Information Security Requirements
Duane Pozza Named a Cryptocurrency and Fintech ‘Trailblazer’ by The National Law Journal
Legal 500 US Recognizes Wiley’s Telecom, Media & Technology Practice as Tier 1. Read more here.
[View source.]