Wiley Consumer Protection Download (November 14, 2022)
*Originally published November 14, 2022
Regulatory Announcements
Significant Enforcement Actions
Upcoming Comment Deadlines and Events
More Analysis from Wiley
Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap key enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs, and webinars with more analysis in these areas. We understand that keeping on top of the rapidly evolving regulatory landscape is more important than ever for businesses seeking to offer new and ground-breaking technologies. Please reach out if there are other topics you’d like to see us cover or for any additional information.
To subscribe to this newsletter, click here.
Regulatory Announcements
FTC Announces Agenda for November 2022 Open Commission Meeting. On November 10, the FTC announced the agenda for its November 17, 2022 Open Commission Meeting, which includes consideration of an advance notice of proposed rulemaking (ANPR) regarding amendments to the agency’s Business Opportunity Rule. The ANPR will include “a proposed expansion of the rule to include other types of money-making opportunities, such as such as business and e-commerce coaching and work-from-home offers.”
CFPB Issues Complaint Bulletin Highlighting Consumer Complaints Related to Cryptocurrency Assets. On November 10, the CFPB issued a Complaint Bulletin highlighting complaints that consumers reported related to crypto assets. According to the Bulletin, consumers most commonly reported being the victim of fraud, theft, account hacks, and scams. Consumers also reported issues with transferring assets and reported difficulties in accessing their funds due to issues with crypto platforms, identity verification, and security holds. The Complaint Bulletin advises consumers to: (1) beware of common crypto-related scams; (2) report suspicious Federal Deposit Insurance Corporation claims suggesting government endorsement or insurance protection; and (3) submit complaints to the CFPB.
CFPB Issues Consumer Financial Protection Circular on CRA and Furnisher Investigation Practices. On November 10, the CFPB issued a Consumer Financial Protection Circular warning that both Consumer Reporting Agencies (CRAs) and information furnishers may be held liable under the Fair Credit Reporting Act (FCRA) for failing to fully investigate reporting disputes. The Circular states that CRAs are required to notify and provide all information relevant to a consumer’s dispute to the furnisher under the FCRA within five business days. The Circular also emphasizes that CRAs and information furnishers may not limit individual consumer dispute rights, and that furnishers must reasonably investigate all indirect consumer disputes under the FCRA.
FTC Announces Policy Statement on ‘Unfair Methods of Competition’ Enforcement. On November 10, the FTC adopted the Policy Statement Regarding the Scope of Unfair Methods of Competition Under Section 5 of the FTC Act (Policy Statement) by a 3-1 vote. The Policy Statement interprets the FTC’s authority under Section 5 of the FTC Act to enforce against “unfair methods of competition” to be broader than the Sherman Act’s “rule of reason” test. The Policy Statement lists a number of prior enforcement decisions and consent decrees under Section 5 of the FTC Act that, according to the Policy Statement, focus “on conduct that constitutes an incipient violation of the antitrust laws or that violates the spirit of the antitrust laws.” Chair Khan and Commissioners Slaughter and Bedoya issued a statement in support of the Policy Statement, arguing that Congress “intended Section 5 to prohibit conduct that threatened fair competition even if it fell beyond the scope of the Sherman Act.” Commissioner Wilson dissented, argues that the Policy Statement announces that the FTC has “the authority summarily to condemn essentially any business conduct it finds distasteful.”
Significant Enforcement Actions
FTC Announces Settlement with Chegg Inc. for Allegedly Failing to Protect Consumer Data. On October 31, the FTC announced a complaint and settlement against Chegg Inc. (Chegg), a company that sells educational products and services directly to students, for allegedly failing to properly encrypt, implement access controls, or adequately monitor the security of its customer and employee data. According to the FTC, these security failures contributed to several phishing attacks the past four years. The proposed settlement would require Chegg to limit its data collection, give consumers access and control over the collection and retention of their data, implement multi-factor authentication, and develop a comprehensive information security program. The FTC published a description of the consent agreement package for public comment in the Federal Register. Comments are due December 14.
FTC Settles with Vonage Over Alleged Violations of ROSCA. On November 3, the FTC filed a complaint against and announced a settlement with Vonage, an internet phone service provider, for allegedly making it difficult for consumers to cancel their services in violation of the FTC Act and the Restoring Online Shoppers’ Confidence Act (ROSCA). The FTC claims that Vonage made it difficult for consumers to cancel service with recurring charges, among other allegations. Vonage agreed to a proposed settlement which includes payment of $100 million to the FTC in addition to revising its cancellation processes and providing consumers more information about the terms of services with recurring charges.
Upcoming Comment Deadlines and Events
FTC Requests Comment on ‘Commercial Surveillance’ and Data Security ANPR. Comments are due November 21 (extended from October 21) on the FTC’s Trade Regulation Rule on Commercial Surveillance and Data Security ANPR (which we summarized in greater detail here). The wide-ranging ANPR seeks feedback on dozens of questions regarding consumer privacy, data security, and algorithmic uses, and discusses a number of potential regulatory approaches to what the agency calls “commercial surveillance.” The agency defines “commercial surveillance” as the “collection, aggregation, analysis, retention, transfer, or monetization of consumer data and the direct derivatives of that information,” and “data security” as “breach risk mitigation, data management and retention, data minimization, and breach notification and disclosure practices.” The FTC issued the ANPR under its Section 5 FTC Act authority, which requires any eventual rule to be grounded in “unfair or deceptive acts or practices” as specified in the Act.
CFPB Seeks Comment on Methods to Spur New Mortgage Products. Comments are due November 28 on the CFPB’s Request for Information seeking comment on “(1) ways to facilitate mortgage refinances for consumers who would benefit from refinancing, especially consumers with smaller loan balances; and (2) ways to reduce risks for consumers who experience disruptions in their financial situation that could interfere with their ability to remain current on their mortgage payments.” The Request for Information specifically seeks comment on new products and services, such as refinance programs that are targeted and streamlined, refinancing products such as automatic refinancing, and automatic mortgage forbearance and assistance with long-term loss mitigation.
CFPB Issues Orders to Collect Information on Business Practices of Large Technology Companies. Comments are due December 7 on a request for comment after the CFPB issued several orders on October 21, 2021 to collect information on the business practices of national technology companies operating payment systems in the United States. The CFPB initially sought comment on the orders in November 2021, but re-opened the docket this month, adding questions about whether certain fees and access restrictions may violate the companies’ acceptable use policies. The CFPB states that the information will help the agency to better understand how the companies use payments data and manage data access. The agency issued the orders under its Consumer Financial Protection Act (CFPA) Section 1022(c)(4) authority, which gives the CFPB the ability to seek information from payments markets participants in order to monitor for risks to consumers and publish aggregated findings that are in the public interest. Initial orders were sent to Amazon, Apple, Facebook, Google, PayPal, and Square.
FTC Seeks Comment on Business and Government Impersonation NPRM. Comments are due December 16 on the FTC’s Government and Business Impersonation Fraud Advance Notice of Proposed Rulemaking (NPRM). The NPRM proposes a rule that would allow the FTC to obtain penalties against fraudsters impersonating companies, non-profit organizations, and government agencies.
FTC Solicits Feedback on Funeral ANPR Rule ANPR. Comments are due January 3, 2023 on the FTC’s Funeral Rule ANPR. The ANPR seeks comment on updates to the Funeral Rule, including improvements to the public accessibility of funeral home price information.
FTC Seeks Comment on Junk Fees ANPR. Comments are due January 9, 2023 on the FTC’s Junk Fees ANPR. As we explained in greater detail here, the ANPR asks 21 questions about what the FTC labels as “junk fees” practices such as “drip pricing”; billing consumers for products and services without consent; and whether a “junk fees” rule should require that “businesses to disclose in all advertising one price that encompasses all mandatory component parts.”
FTC Requests Input on Fake Reviews and Endorsements ANPR. Comments are due January 9, 2023 on the FTC’s Fake Reviews and Endorsements ANPR. The ANPR asks 17 questions about the presence of fake reviews and endorsements in the marketplace, what regulatory provisions mitigate or deter them, and whether additional rules are needed.
More Analysis from Wiley
Duane Pozza Named a Cryptocurrency and Fintech ‘Trailblazer’ by The National Law Journal
PrivacyCon Illustrates the FTC’s Focus on AI and Automated Decision Making Systems
FTC’s PrivacyCon Highlights Risks and Opportunities For Children’s Privacy
FTC Pushing Ahead Toward Major Privacy Regulation
FTC Launches Rulemaking on Fee Disclosures and Practices Across Industries
FTC Hosts Event to Examine Children’s Advertising in Digital Media
Crypto and Web3 Under Consumer Protection Scrutiny
How the Supreme Court’s OT 2022 Term (So Far) Might Affect Tech
California AG Issues First Fine for CCPA Violations
An Introduction to the California Age-Appropriate Design Code
NIST Is Taking Critical Steps Towards an AI Risk Management Framework
The Private Sector Should Watch NIST’s Broad Work on Privacy and Cybersecurity Guidance
FTC Highlights Scrutiny of Health and Geolocation Data
West Virginia v. EPA and the Future of Tech Regulation
Executive Order on EU-U.S. Data Sharing Signed
EU Institutions Reach Agreement on Landmark Regulations Targeting Big Tech
Webinar: Transactional Due Diligence Related to Privacy and Cybersecurity
Webinar: FTC’s Revised Safeguards Rule: How to Navigate New Information Security Requirements
Podcast: Why the FTC Matters for Fintech
Legal 500 US Recognizes Wiley’s Telecom, Media & Technology Practice as Tier 1. Read more here.
Download Disclaimer: Information is current as of November 14, 2022. This document is for informational purposes only and does not intend to be a comprehensive review of all proceedings and deadlines. Deadlines and dates are subject to change. Please contact us with any questions.