Newsletter January 24, 2025

What Just Happened at the FTC and CFPB: Wiley Consumer Protection Download (January 24, 2025)

January 24, 2025

Rulemaking Announcements
Other Regulatory Announcements
Select Enforcement Actions
Upcoming Comment Deadlines and Events
More Analysis from Wiley

In the two weeks before Inauguration, both the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) released a flurry of rulemaking developments, policy announcements, and enforcement filings and settlements – well beyond the usual pace and in anticipation of expected leadership changes. This week brought a new Chairman at the FTC – Andrew Ferguson, already a Commissioner – while the leadership of the CFPB has not yet changed as of the publication of this newsletter. Many of the regulatory actions may be stayed, potentially pursuant to President Trump’s Regulatory Freeze Pending Review Memorandum and some may be rolled back in the new Administration. We will be watching these developments closely, and expect more announcements in the coming weeks. In the meantime, this issue of the Consumer Protection Download focuses on breaking down the rush of activity earlier this month.

Wiley also has launched a Trump Administration Resource Center and Resource Guide to track Executive branch priorities during the second Administration of President Trump. With Wiley’s deep-rooted understanding of Washington and today’s evolving regulatory landscape, the Resource Center and Resource Guide provide critical insights, actionable intelligence, practical solutions, and guidance across key industries to help businesses stay ahead of the curve and manage challenges in 2025 and beyond. Please reach out to any of our authors with any questions about recent Trump Administration actions and the potential impact on regulations or enforcement activity.

To subscribe to this newsletter, click here.

Rulemaking Announcements

FTC Proposes New Earnings Claim Rule and Amendments to the Business Opportunity Rule. On January 13, the FTC voted 3-2 to issue two Notices of Proposed Rulemaking (NPRMs) and one Advance Notice of Proposed Rulemaking (ANPRM) to amend its Business Opportunity Rule and propose a new rule to regulate certain earnings claims. In his dissent, then-Commissioner (now-Chairman) Ferguson stated, “the Trump Administration will decide whether [these proposals] will ever become final rules.”

First, the Business Opportunity Rule NPRM proposes to expand the Business Opportunity Rule to cover business coaching and investment opportunities, and to require such business opportunities to comply with the Rule’s prohibitions on material misrepresentations and its recordkeeping and substantiation requirements. Second, the Earnings Claim Rule Regarding Multi-Level Marketing NPRM proposes a new rule that would “prohibit misleading or unsubstantiated earnings claims in connection with the advertising, marketing, promotion or offering” of multi-level marketing (MLM) programs, as well as “require MLM sellers to have substantiation for earnings claims and to provide it to anyone who requests it.” The proposed rule would also, among other things, require sellers to maintain records of substantiation for three years and would prohibit the distribution of marketing materials with deceptive earnings claims. Third, the Earnings Claim Rule Regarding Multi-Level Marketing ANPRM seeks comment on whether the proposed Earnings Claim Rule should contain additional prohibitions pertaining to earnings claims, and whether it should address other aspects of the MLM industry, “including making misrepresentations concerning benefits and expenses, making deceptive refund claims, and using non-disparagement clauses in contracts with multilevel marketing participants.” Comments are due 60 days after each of the items is published in the Federal Register.

FTC Finalizes Amendments to COPPA Rule. On January 16, the FTC finalized changes to the Children’s Online Privacy Protection Act (COPPA) Rule (Final Rule). The Final Rule, which we summarized here, largely adopts the amendments proposed in a January 2024 Notice of Proposed Rulemaking (2024 NPRM). Under the Final Rule, operators must disclose “identities and specific categories of any third parties to which the operator discloses personal information and the purposes of such disclosures, and the operator’s data retention policy” in their online notices. Operators must also “establish, implement, and maintain a written information security program” and “obtain written assurances” that third parties employ reasonable measures to protect children’s data. Children’s personal information must be deleted “when such information is no longer reasonably necessary for the purposes for which it was collected” and “may not be retained indefinitely.” The Final Rule also adopts three new methods for an operator to obtain verifiable parental consent, including knowledge-based authentication, facial recognition using government-issued photographic identification, and text messages “coupled with additional steps to provide assurances that the person providing the consent is the parent.” The Final Rule also implements new requirements and compliance deadlines for FTC-approved COPPA Safe Harbor programs. Notably, the Commission declined to adopt two proposals from the 2024 NPRM regarding push notifications and educational technology.

The Final Rule was passed 5-0 with incoming FTC Chair Andrew Ferguson issuing a concurring statement. In his concurrence, he identified three issues with the Final Rule and indicated the FTC moving forward may consider: 1) clarifying the definition of “materiality” in relation to parental disclosure requirements; 2) modifying the prohibition on the indefinite retention of personal information; and 3) clarifying an exception for the collection of children’s personal information for the sole purpose of age verification.

CFPB Finalizes Rule Amending Regulation V’s Prohibition on the Use of Medical Information in the Credit Evaluation Process. On January 7, the CFPB issued a Final Rule to amend Regulation V concerning medical debt. The Fair Credit Reporting Act (FCRA) prohibits creditors from considering medical information when making decisions concerning an applicant’s credit eligibility, and the Final Rule amends Regulation V to remove an exception that had permitted creditors to obtain and use information pertaining to medical debts. The Final Rule also prohibits consumer reporting agencies from furnishing to a creditor a consumer report containing medical debt information. The rule goes into effect March 17, 2025.

CFPB Proposes Interpretive Rule on EFTA Applicability and Issues RFI on Consumer Payment Data. On January 10, the CFPB issued a Notice of Proposed Interpretive Rule to clarify the existing statutory and regulatory requirements governing electronic fund transfers (EFTs). Specifically, the proposed interpretive rule provides a framework for determining when the Electronic Fund Transfer Act (EFTA) and Regulation E – which give consumers the right to dispute transactions that are potentially fraudulent – would apply to new and emerging digital payment mechanisms. Comments are due March 31, 2025.

On January 10, the CFPB also issued a Notice and Request for Information (RFI) to better understand how companies that offer consumer financial products or services “collect, use, share, and protect consumers’ personal financial data, such as data harvested from consumer payments.” Among other things, the RFI seeks comments on the effectiveness of existing regulations, how to strengthen the existing framework, and the types of data the public believes the CFPB should monitor on a routine basis. Comments are due April 11, 2025.

CFPB Proposes Rule to Restrict Certain Contractual Clauses in Consumer Financial Product and Service Agreements. On January 13, the CFPB issued an NPRM that would prohibit certain contractual provisions in agreements for consumer financial products or services. Specifically, the proposed rule would prohibit covered persons from including any terms or conditions that purport to waive substantial consumer legal rights and protections (or their remedies) granted by state or federal law, “including protections for servicemembers, laws prohibiting elder fraud, and accountability for corporate lawbreaking.” The proposal would also prohibit contract terms that limit free expression, “including with threats of account closure, fines, or breach of contract claims, as well as other contract terms.” The NPRM also aims to stop companies from updating contracts unilaterally and would codify existing prohibitions against taking a consumer’s property without judicial due process under the FTC’s Credit Practices Rule. Comments are due April 1, 2025.

Other Regulatory Announcements

FTC Holds January 2025 Open Commission Meeting and Votes on Competition-Related Matters. On January 14, the FTC held a virtual Open Commission Meeting, where the Commission heard presentations on its (1) Request for Public Comment on 6(b) Orders Related to Housing Market; (2) Enforcement Policy Statement on Exemption of Protected Labor Activity by Workers from Antitrust Liability; and (3) Second Interim Staff Report on Pharmacy Benefit Managers (PBMs). Commissioners Andrew Ferguson and Melissa Holyoak did not attend the meeting.

First, FTC staff from the Office of Policy Planning presented on the FTC’s Request for Public Comment on 6(b) Orders Related to Housing Market, in which the FTC is seeking input on proposed information requests to industry on the business models and competitive effects of large commercial real estate investors and their entrance into the single-family rental market. On January 15, the FTC unanimously voted to issue the request for comment. Comments on the request are due 60 days after publication in the Federal Register.

Second, FTC staff from the Office of Policy Planning presented on the FTC’s Enforcement Policy Statement on Exemption of Protected Labor Activity by Workers from Antitrust Liability, which states that the Clayton Act’s labor exemption classification does not turn on whether a worker is formally classified as an employer or independent contractor. Before the meeting, the FTC voted 3-2 to issue the policy statement, with Commissioners Ferguson and Holyoak dissenting, asserting that “this is not the time for the Biden-Harris Commission to announce policy changes, let alone declare how the agency will exercise prosecutorial discretion going forward.”

Third, FTC staff from the Bureau of Competition presented on the Second Interim Staff Report on Pharmacy Benefit Managers, which highlights staff findings from the Commission 6(b) study on the contracting practices of PBMs. Outside of the meeting, the FTC unanimously voted to issue the second interim report.

FTC and DOJ Issue Antitrust Guidance Regarding Workers. On January 16, the FTC and U.S. Department of Justice Antitrust Division (DOJ) issued antitrust guidelines to explain how the agencies assess whether business activities affecting workers violate antitrust laws. These guidelines replace the 2016 Antitrust Guidance for Human Resource Professionals. The new guidelines outline specific types of agreements or practices that may violate antitrust laws, “such as the use of noncompete or the sharing of information about wages among companies that compete for workers.” The guidelines also specify agreements and activities that may lead to criminal liability, “including agreements to fix wages or agreements not to poach employees.” Moreover, the guidelines advise that false claims about workers’ potential earnings may violate federal law. The Commission voted to approve the guidance 3-2, with Commissioners Ferguson and Holyoak dissenting and arguing that the guidelines are “a senseless waste of [FTC] resources” because of the Biden-Harris Administration’s “lame-duck” status.

CFPB Approves Financial Data Exchange as Standard-Setting Body Under Section 1033 of the CFPA. On January 8, the CFPB issued an order recognizing Financial Data Exchange, Inc. (FDX) as the first standard-setting body under the CFPB’s Consumer Financial Protection Act (CFPA) Section 1033 Final Rule. The Final Rule, which we covered here, requires certain depository and non-depository financial institutions to make available a consumer’s personal financial data to consumers and authorized third parties upon the consumer’s request for free. On June 5, 2024, the CFPB finalized criteria and outlined the process to become a recognized industry standard-setting body to assist regulated entities in complying with the Section 1033 Final Rule. The CFPB approved FDX as an industry standard-setting body for five years, subject to the following conditions: (1) FDX may not have any side arrangements that skew its financial incentives or creates conflicts of interest in its standard setting; (2) FDX must report to the CFPB on market use of its consensus standards or maintain a publicly available resource where companies can disclose their use of FDX standards; and (3) FDX must make its standards, standards development, and issuance processes freely available to the public.

CFPB Releases Study on BNPL Products. On January 13, the CFPB released a study on the Consumer Use of Buy Now, Pay Later (BNPL) and Other Unsecured Debt. BNPL is a short-term financing option that allows customers to purchase items and pay for them over time in installments. According to the Bureau, more than 20% of consumers with a credit record used BNPL products in 2022, and approximately 63% of those consumers used multiple simultaneous BNPL products at some point during the year. Additionally, the report states that consumers using BNPL products were likely to hold higher balances on unsecured consumer debt, such as personal loans and credit cards, and that BNPL purchases made up 28% of total unsecured consumer debt for borrowers ages 18-24 – which is higher than the average 17% for borrowers of all age groups.

Select Enforcement Actions

FTC and Georgia Attorney General Win Summary Judgment Motion and Injunctive and Monetary Relief Against a Stem Cell Therapy Company and Its Officers. On December 26, the U.S. District Court for the Northern District of Georgia issued orders for injunctive relief and monetary relief against a stem cell therapy company and its officers. In March 2024, the court granted the FTC and Georgia AG’s motion for summary judgment against the defendants, finding that they misled consumers by advertising that stem cell therapy injections could treat numerous medical conditions in violation of the FTC Act and Georgia Fair Business Practice Act. The orders for injunctive and monetary relief ban the defendants from advertising or selling of stem cell therapy treatment and require the defendants to pay a total monetary penalty of $5.155 million.

FTC Settles with Building Services Contractor for Allegedly Enforcing No-Hire Agreements. On January 6, the FTC voted 5-0 to issue a complaint and proposed order against a building services contractor for alleged violations of the FTC Act. The FTC alleges that the company included no-hire agreements in its contracts with building service workers and building owners and that the agreements extended after the termination of workers’ or owners’ contracts. The company agreed to injunctive relief and to provide notice of the order to past and present employees.

CFPB Sues Financing Company for Allegedly Unfair Practices. On January 6, the CFPB filed a complaint in the U.S. District Court for the Eastern District of Tennessee against a nonbank financing company for alleged violations of the CFPA and Truth in Lending Act. The CFPB alleges that the company provided loans to consumers who could not pay the loans because it did not correctly calculate the income and living expenses for potential customers. The CFPB seeks monetary and injunctive relief.

FTC and New York Attorney General Settle with Gig Economy Company for Allegedly Misleading Marketing Practices. On January 7, the FTC, after a 5-0 vote, and New York Attorney General filed a complaint and stipulated order in the U.S. District Court for the Southern District of New York against a gig economy company for alleged violations of the FTC Act, New York Executive Law, and New York General Business Law. The FTC and New York AG allege that the company misled consumers by advertising per hour wages that were not what the average worker received, failing to disclose the conditions new workers would have to meet to get paid promptly, and the fees workers may be charged as a part of using the platform’s services. The company agreed to pay $2.95 million in addition to injunctive relief.

CFPB Sues Credit Reporting Company for Allegedly Unfair Practices. On January 7, the CFPB filed a complaint in the U.S. District Court for the Central District of California for alleged violations of the CFPA and the FCRA. The CFPB alleges that the company failed to adequately investigate consumer disputes and failed to update consumer reports when it received new information. The CFPB seeks monetary and injunctive relief.

FTC Finalizes Order Against Facial Recognition Software Company for Allegedly Misleading Advertising. On January 13, the FTC voted 5-0 to approve, after a public comment period, the final order against a facial recognition software company for alleged violations of the FTC Act. The FTC’s complaint alleged that the company misrepresented its accuracy rates across races and genders without any bias without evidence to support the claims. The company agreed to injunctive relief.

FTC Finalizes Order Against Data Broker for Allegedly Unfair Business Practices. On January 14, the FTC voted 4-1, with Commissioner Holyoak dissenting, to approve the final order against a data broker for alleged violations of the FTC Act. The FTC’s December 2023 complaint alleged that the company collected, retained, and sold consumers’ precise location data associated with “sensitive” locations without adequately verifying consumers’ consent. Among other relief, the company agreed to establish policies and procedures regarding consumer consent and sensitive location data.

FTC Finalizes Order Against Data Broker and Its Subsidiary for Allegedly Unfair Business Practices. On January 14, the FTC voted 5-0 to approve the final order against a data broker for alleged violations of the FTC Act. The FTC’s December 2023 complaint alleged that the companies collected, retained, and sold consumers’ precise location data associated with “sensitive” locations without adequately verifying consumers’ consent. Among other relief, the company agreed to establish policies and procedures regarding consumer consent and sensitive location data.

FTC Settles with Web Hosting Company for Allegedly Insufficient Data Safeguards. On January 15, the FTC voted 5-0 to issue a complaint and proposed order against a web hosting company for alleged violations of the FTC Act. The FTC alleges that the company did not have sufficient data protection safeguards, including sufficient asset management and segmentation policies, in place to prevent recent data breaches that occurred. The company agreed to injunctive relief and to implement an information security program.

FTC and Colorado Attorney General Sue Rental Property Manager for Purportedly Deceptive Marketing Practices. On January 16, the FTC, with a 5-0 vote, and Colorado Attorney General filed a complaint in the U.S. District Court for the District of Colorado against a national multi-family rental property management company for alleged violations of the FTC Act, Gramm-Leach-Bliley Act, and Colorado Consumer Protection Act. The FTC and Colorado AG allege that the company charges tenants numerous monthly service fees without fully disclosing these fees to consumers in the lease and without providing an option to opt out of the fees. The FTC and Colorado AG seek injunctive and monetary relief.

CFPB Settles with Mobile Payment Application for Allegedly Unfair Practices. On January 16, the CFPB issued a consent order and stipulation against a mobile payment application for alleged violations of the CFPA, Electronic Fund Transfer Act, and Regulation E. The CFPB alleges that the company failed to provide adequate customer support or to investigate unauthorized transaction claims. The company agreed to pay $120 million in consumer refunds and a $55 million fine, in addition to injunctive relief.

CFPB Settles with a Group of 15 Securitization Trusts for Allegedly Deceptive Practices. On January 16, the CFPB filed a stipulated order against a group of 15 securitization trusts for alleged violations of the CFPA. The CFPB filed a complaint against the trusts in 2017, alleging that the defendants filed lawsuits to collect debts on loans that they could not prove the group owned or that the consumers actually owed, filed false or misleading affidavits, and tried to collect debt after the statutes of limitations on time-barred debts. After the defendants’ appeal to the Third Circuit claiming that trusts were not “covered persons” under the CFPA failed in March 2024, the defendants settled with the CFPB and have agreed to pay $2.5 million in addition to injunctive relief.

DOJ and FTC Settle with Game Developer for Allegedly Violating COPPA. On January 17, after the FTC voted 5-0 to refer a complaint to DOJ, the Justice Department filed a complaint and stipulated order in the U.S. District Court for the Central District of California against a game developer for alleged violations of the FTC Act and COPPA. The FTC and DOJ allege that the company marketed to and collected data from children without the requisite consent from parents. The company agreed to pay a $20 million monetary penalty in addition to injunctive relief.

CFPB Settles with Consumer Reporting Agency for Allegedly Unfair Practices. On January 17, the CFPB issued a consent order and stipulation against a consumer reporting agency for alleged violations of the CFPA and FCRA. The CFPB alleges that the company failed to adequately investigate consumer disputes, shared inaccurate credit scores caused by a software malfunction, and did not adequately remedy or detect errors on credit reports. The company agreed to pay a $15 million monetary penalty in addition to injunctive relief.

CFPB Settles with Mortgage Lender for Allegedly Deceptive Practices. On January 17, the CFPB filed a complaint and stipulated order in the U.S. District Court for the Northern District of Illinois against a non-depository mortgage lender for alleged violations of the CFPA and Equal Credit Opportunity Act. The CFPB alleges that the company failed to provide access and resources to its mortgages for all neighborhoods and disproportionately generated loan applications from majority-white neighborhoods as compared to majority-Black or Hispanic neighborhoods. The company agreed to pay a $1.5 million civil penalty in addition to ceasing all residential mortgage lending activities for five years.

CFPB Settles with Automotive Finance Company for Allegedly Unfair Practices. On January 17, the CFPB issued a consent order and stipulation against a nonbank automotive finance company for alleged violations of the CFPA, FCRA, and Furnisher Rule. The CFPB alleges that the company allowed consumers to defer payments during the COVID-19 pandemic but still reported those consumers as delinquent to credit reporting companies. The CFPB also alleged that the company failed to adequately investigate consumer disputes. The company agreed to pay a $2.5 million monetary penalty and $10.3 million in redress.

Upcoming Comment Deadlines and Events

FTC to Hold Virtual Workshop to Examine Impact of Digital Platform Design Features on Kids and Teens. The FTC will hold a virtual workshop on February 25, 2025, to “examine the use of design features on digital platforms aimed at keeping kids, including teens, online longer and coming back more frequently.” The workshop, titled “Attention Economy: Monopolizing Kids’ Time Online,” will feature researchers, technologists, child development and legal experts, consumer advocates, and industry professionals. According to the FTC, topics discussed will include: (1) how certain website design features may result in more engagement or time spent on digital platforms, and what relevant scientific research exists on the topic; (2) the physical and psychological impacts of the design features on children and teens; and (3) potentially beneficial measures or design considerations that might be effective, feasible, and consistent with current legal practice.