Newsletter

Wiley Consumer Protection Download (June 20, 2023)

June 20, 2023

Regulatory Announcements
Recent Enforcement Actions
Upcoming Comment Deadlines and Events
More Analysis from Wiley

Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap key enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs, and webinars with more analysis in these areas. We understand that keeping on top of the rapidly evolving regulatory landscape is more important than ever for businesses seeking to offer new and groundbreaking technologies. Please reach out if there are other topics you’d like to see us cover or for any additional information.

To subscribe to this newsletter, click here.

Regulatory Announcements

CFPB Director Chopra Testifies Before U.S. Senate and House Committees Regarding Semiannual Report to Congress. On June 13 and June 14, CFPB Director Rohit Chopra testified before the U.S. Senate Committee on Banking, Housing and Urban Affairs (testimony available here) and the U.S. House Financial Services Committee regarding the CFPB’s Semiannual Report to Congress (testimony available here). During his testimony, Director Chopra stated that “the CFPB continues to deliver tangible results for the public today, ensuring that consumers are protected, while also preparing for the future as tech giants and artificial intelligence reshape the industry.” His testimony focused on rising household consumer debt, ongoing rulemaking proceedings, supervision of nonbank financial firms, and a shift in the CFPB’s enforcement focus from small businesses to “repeat offenders.” Questions from legislators touched on a number of topics, including the CFPB’s Notice of Proposed Rulemaking (NPRM) on credit card late fees, or “junk fees”; the regulation of artificial intelligence (AI); the recent data breach that occurred at the CFPB; and the CFPB’s regulation of peer-to-peer payment applications.

FTC Provides Annual Report to CFPB on Financial Activities. On June 7, the FTC provided its annual report to the CFPB on its enforcement and related activities in 2022 on the Truth in Lending Act (TILA), Consumer Leasing Act (CLA), and Electronic Fund Transfer Act (EFTA). The report highlights the FTC’s enforcement actions in a number of industries, including automobile purchase and financing, payday lending, credit repair and debt relief, and other credit products. The report further discusses the FTC’s current rulemakings underway, including a Proposed Rule regarding auto-related practices, and an Advance Notice of Proposed Rulemaking addressing what the FTC characterizes as “junk fees.”

FTC Issues RFI on Consumer Protection and Law Enforcement Collaboration with State Attorneys General. On June 7, the FTC issued a Request for Information (RFI) seeking comments on how it can work more effectively with state attorneys general on consumer protection and enforcement initiatives. The RFI comes at the direction of the FTC Collaboration Act of 2021, which was signed into law last year. The FTC Collaboration Act of 2021 requires the agency to conduct a study on “facilitating and refining existing efforts with State Attorneys General to prevent, publicize, and penalize frauds and scams being perpetrated on individuals in the United States.” The legislation also requires the FTC to consult directly with interested stakeholders on the study. Comments on the RFI are due August 14.

CFPB Issue Spotlight Analyzing AI Chatbot Performance in Banking. On June 6, the CFPB released an issue spotlight on the adoption of chatbots by financial institutions, including chatbots that utilize AI to generate responses to customers. According to the issue spotlight, the CFPB has received “numerous complaints” from customers trying to receive answers from financial institutions, or raise a dispute or concern. The CFPB notes that “[f]inancial products and services can be complex, and the information being sought by people shopping for or using those products and services may not be easily retrievable or effectively reduced to an FAQ response.” The issue spotlight states that the use of chatbots raises several risks, including noncompliance with federal consumer financial protection laws, diminished customer service and trust, and harm to consumers.

FTC Data Spotlight Shows That Bank Impersonation is the Most-Reported Type of Text Message Scam. On June 8, the FTC released a data spotlight ranking the top five types of text message scams reported in 2022. According to the FTC data spotlight, consumers reported losing $330 million to text message scams in 2022, which is more than double what was reported in 2021. The FTC’s analysis examined a random sample of 1,000 text messages reported to the agency, finding that fake bank security messages, often from the largest banks, were the most common type of scam. Other common types of impersonation scams included messages claiming to offer a free gift, often from a cell phone carrier or retailer; fake claims of package delivery issues; fabricated job offers for things like mystery shopping and car wrapping; and other fake account security alerts.

Recent Enforcement Actions

FTC Settles With PPP Marketer Charged with Falsely Promising Quick Delivery of Facemasks. On May 15, the U.S. District Court District Court for the Middle District of Florida issued a final judgment and order against Frank Romero (d/b/a Trend Deploy) for violation the Mail Order Rule, the FTC Act, and the COVID-19 Consumer Protection Act. The FTC filed a complaint against Romero in June 2021 for allegedly failing to notify consumers of delayed shipments, failing to offer cancellations and refunds as required by the FTC’s Mail Order Rule, and failing to honor refund requests so that consumers can buy offered products elsewhere. The court granted the FTC’s Motion for Summary Judgment and is ordering Romero to cease selling protective goods and services and pay two monetary judgments totaling $992,000.

FTC Sues Real Estate Investment Companies for Allegedly Misrepresenting Investment Opportunities to Consumers. On June 5, the FTC filed a complaint in the U.S. District Court for the Middle District of Florida against Ganadores Online, Ganadores Inversiones Bienes Raíces, and their owners (Defendants), for allegedly violating the FTC Act, Business Opportunities Rule, and Cooling Off Rule. The FTC alleges that the Defendants misled consumers by falsely promising that attendance at the Defendants’ costly three-day workshop would guarantee success in starting an online business or investing in real estate, failing to deliver the mentorship and lucrative investment opportunities promised, and not translating all disclaimers into Spanish for consumers who did not speak English. The FTC further alleges that consumers were denied refunds when the Defendants’ services failed to deliver the financial returns promised. On June 7, the district court has granted the FTC’s motion for a temporary restraining order against the Defendants, freezing their assets. The FTC is requesting a permanent injunction against the Defendants and monetary relief for harmed consumers.

FTC and DOJ Settle Alleged COPPA Violations on Video Game Platform. On June 5, the FTC and U.S. Department of Justice (DOJ) filed a complaint and stipulated order against Microsoft Corp. in the U.S. District Court for the Western District of Washington for alleged violations of the FTC Act and Children’s Online Privacy Protection Act (COPPA). The FTC and DOJ allege that Microsoft collected and retained unnecessary data from consumers under thirteen years of age on its Xbox Live online platform, and failed to adequately disclose to parents the type of data collected and how the collected data was used by third parties. The company has agreed to pay a $20 million civil money penalty in addition to implementing a data deletion system, updating parents about how to protect their child’s data, and informing video game publishers when disclosing children’s data. 

CFPB Settles with Third-Party Debt Collector for Alleged Use of Deceptive Debt Collection Practices. On June 8, the CFPB filed a consent order and stipulation against Phoenix Financial Services, an Indiana-based third-party debt collector, for allegedly violating the Fair Credit Reporting Act and Fair Debt Collection Services Act. The CFPB alleged that Phoenix Financial continued to send collection notices to consumers who disputed a debt collection claim and potentially sent incorrect debt information to consumer reporting companies. Phoenix Financial has agreed to pay $1.67 million in addition to injunctive relief.

Upcoming Comment Deadlines and Events

FTC RFI on Cloud Computing Industry. Comments are due June 21 (extended from May 22) on an FTC RFI seeking information regarding the business practices of cloud computing providers. The RFI outlines questions on both competition and data security issues in the cloud computing industry. The RFI also notes that FTC staff is interested in cloud computing with regards to specific industries, including healthcare, finance, transportation, e-commerce, and defense.

FTC Seeking Comment on Negative Option Rule NPRM. Comments are due June 23 on the FTC’s Negative Option Rule NPRM. Negative option marketing refers to commercial transactions where sellers interpret a customer’s inaction to either reject or cancel an agreement as an acceptance of a product or service. The FTC’s current Negative Option Rule requires certain prenotification plan sellers to disclose their plan’s material terms clearly and conspicuously before consumers subscribe. Prenotification plans are those that provide periodic notices offering goods to participating consumers and subsequently send and charge for those goods if consumers take no action to decline the offers. The NPRM proposes to expand the Negative Option Rule to all forms of negative option marketing, including continuity plans, automatic renewals, and free trials in all media (e.g., telephone, Internet, traditional print media, and in-person transactions). The NPRM also would make a number of changes to the Negative Option Rule, including requiring negative option plan sellers to provide a one-click opt-out mechanism for current subscription customers; adding opt-in requirements for negative option plan sellers seeking to make new offers to customers; and implementing a requirement that negative option plan sellers must, on an annual basis, remind customers enrolled in subscription services involving anything other than physical goods about the current subscription before it is renewed.

FTC Seeking Comment on Revisions to Health Breach Notification Rule. Comments are due August 8 on the FTC’s Notice of Proposed Rulemaking to Amend the Health Breach Notification Rule (HBNR NPRM). The HBNR NPRM proposes to update the HBNR to clarify the rule’s coverage of mental health apps and other technologies that collect location and browsing history data. The HBNR NPRM also proposes to clarify, among other things, that the definition of “breach of security” under the rule includes an unauthorized acquisition of identifiable health information that occurs as a result of a data security breach or an unauthorized disclosure, and therefore it would not limit reportable incidents to “cybersecurity intrusions or nefarious behavior.”

FTC to Host Workshop on Proposed Changes to the Funeral Rule. On September 7, the FTC will host a public workshop on the changes to its Funeral Rule proposed in its Advance Notice of Proposed Rulemaking. The workshop will cover a number of topics including, among other things, online or electronic disclosures of price information, the general price list required by the Funeral Rule, and whether funeral providers should be required to give out general price lists in languages other than English. The public can submit comments on the topics to be covered in the workshop until October 10. Instructions for filing comments will be published in the Federal Register.

More Analysis from Wiley

Wiley Wins Four Law360 ‘Practice Group of the Year’ Awards for 2022

Podcast: The FTC Safeguards Rule: A Deep Dive into the Revisions Effective June 9, 2023

Webinar: How to Keep Up with the Influx of New State Privacy Laws and Regulations

Podcast: What could AI regulation in the US look like?

FCC Launches Privacy and Data Protection Task Force

A New White House Project on Responsible AI Sends a Message to the Private Sector, Including Contractors

FTC Issues Policy Statement on Biometric Information, Signaling a New Enforcement Priority

FTC Joins the Cloud Security Discussion

5 Takeaways From Recent CFPB, FTC Equal Credit Push

Podcast: AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework

Generative AI Policies: Five Key Considerations for Companies to Weigh Before Using Generative AI Tools

State Privacy Update: California Finalizes New CCPA Regulations and Iowa Becomes the Sixth State to Adopt Comprehensive Privacy Legislation

State Privacy Update: A New Omnibus Privacy Law Passes in Iowa, Colorado Finalizes Privacy Rules

NTIA Seeks Comment on AI Accountability

FTC Proposes New Rule to Broadly Ban Non-Compete Agreements

FTC Requests Comment on Potential Revisions to Green Guides

Webinar: Staying Ahead of State Privacy Laws: Tips and Best Practices for Building Compliant Strategies for Five Key States

Five New States Advance Privacy Laws in May 2023

Podcast: State Privacy Laws and Federal Government Contractors

California Moves Closer to Finalizing Updated CCPA Regulations and Launching a New Rulemaking for Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking

CISA Seeks Comments on New Security Attestation for Software Procurements

New York Law Will Regulate Consumer Device Repair Options: What the Digital Fair Repair Act Means for the Consumer Electronics Industry

California Age-Appropriate Design Code Act to Impose Significant New Requirements on Businesses Providing Online Services, Products, or Features

An Introduction to the California Age-Appropriate Design Code

Webinar: Transactional Due Diligence Related to Privacy and Cybersecurity

Webinar: FTC’s Revised Safeguards Rule: How to Navigate New Information Security Requirements

Duane Pozza Named a Cryptocurrency and Fintech ‘Trailblazer’ by The National Law Journal

U.S. State Privacy Law Guide

Legal 500 US Recognizes Wiley’s Telecom, Media & Technology Practice as Tier 1. Read more here.

Download Disclaimer: Information is current as of June 20, 2023. This document is for informational purposes only and does not intend to be a comprehensive review of all proceedings and deadlines. Deadlines and dates are subject to change. Please contact us with any questions.

Read Time: 12 min
Jump to top of page

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek