Newsletter December 2, 2025

Wiley Consumer Protection Download (December 2, 2025)

December 2, 2025

Federal and State Regulatory Announcements
Select Federal Enforcement Actions
Select State Enforcement Actions
More Analysis from Wiley

Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and the state level. Check out our new State Consumer Protection Series, where we provide practical insights into emerging trends and priorities at the state level. Recent posts include, Expanding Patchwork of State “Junk Fees” Laws Presents Compliance Challenges and Automatic Renewals and Risks: State Negative Option Laws and Enforcement Are Trending. Wiley has also launched an FTC Consumer Protection and Privacy Enforcement Series and Trump Administration Resource Center to provide practical insights into emerging FTC and Executive branch priorities. Please reach out to any of our authors with any questions about recent regulatory or enforcement activity on the federal or state level.

To subscribe to this newsletter, click here.

Federal and State Regulatory Announcements

CFPB Institutes “Humility Pledge” for Supervision Division Examiners. On November 21, the CFPB announced that Supervision Division Examiners will be required to read a CFPB Humility in Supervisions Pledge prior to conducting exams. The “Humility Pledge” states that the Bureau will “focus its supervision resources on pressing threats to consumers, particularly service members and their families, and veterans” and “avoid, where possible, duplication of supervision, where States or other regulators are already doing that job.” Further, the Humility Pledge states that examiners will make best efforts to limit the scope, time, and budget of the examination.

CPPA Launches Data Broker Enforcement Strike Force. On November 19, the California Privacy Protection Agency (CPPA) announced that it is creating a Data Broker Enforcement Strike Force in its Enforcement Division to investigate potential privacy violations by companies acting as data brokers. According to the CPPA’s announcement, the Strike Force will be reviewing the data broker industry for compliance with the Delete Act’s requirement that data brokers register with the CPPA, as well as for compliance with the California Consumer Privacy Act (CCPA).

Illinois AG Issues Consumer Alert Regarding Crypto-Related Scams. On November 14, the Illinois Attorney General (AG) issued a consumer alert regarding cryptocurrency scams and recovery scams targeting previous victims of cryptocurrency scams. The alert also highlights a recent change in Illinois law that makes it easier for crypto kiosk or crypto ATM customers to get a refund if they have been scammed into sending money through a crypto ATM. The consumer alert provides resources for detecting scams and obtaining a refund.

Select Federal Enforcement Actions

FTC Settles with Education Technology Provider for Allegedly Insufficient Data Safeguards. On December 1, the FTC issued a complaint and order against an education technology provider settling allegations that the company violated the FTC Act by failing to implement sufficient data protection safeguards, including data deletion policies, to prevent student data from being accessed during a data breach. The company agreed to injunctive relief and to implement an information security program.

FTC Finalized Order Against Pet Cremation Company Regarding Noncompete Provisions. On November 25, the FTC issued a final order, following a public comment period, against a pet cremation company for alleged violations of the FTC Act. The FTC alleged that the company required all employees to sign noncompete agreements regardless of their role at the company, including hourly employees. The company agreed to injunctive relief, including to cease enforcing noncompete agreements with its employees.

FTC Settles with Small Business Loan Servicer and Its CEO for Allegedly Deceptive Marketing Practices. On September 30, a judge for the U.S. District Court for the Central District of California approved a stipulated order between the FTC and a small business loan servicer and its CEO, resolving alleged violations of the FTC Act, Telemarketing and Consumer Fraud and Abuse Prevention Act, Telemarketing Sales Rule (TSR), and Consumer Review Fairness Act (CRFA). In a November 2024 complaint, the FTC alleged that the defendants misled consumers by promising to provide loans to their small businesses and instead applying for numerous credit cards in the name of the small business owners and charging for that service regardless of whether the applications were accepted. The FTC also alleged that the company posted fake positive reviews on their website and contractually prohibited customers from posting negative reviews online. In September 2025, the judge granted most of the FTC’s motion for summary judgment, finding violations of the FTC Act, TSR, and CRFA. To settle the remaining issues, the defendants agreed to pay $48 million in addition to injunctive relief.

Select State Enforcement Actions

Oregon Department of Justice Settles with Meal Delivery Service for Allegedly Deceptive Marketing. On November 26, the Oregon Department of Justice (DOJ) announced a settlement with a national meal delivery service provider resolving allegations that the company misled consumers by advertising “free” meals, products, or shipping. The Oregon DOJ alleged that customers would not receive any of this unless they purchased several shipments of the product. The company agreed to pay $106,000 in addition to injunctive relief.

California AG Settles with Mobile Gaming App for Alleged CCPA Violations. On November 21, the California AG announced a settlement with a mobile gaming app over alleged violations of the CCPA. According to the California AG’s complaint, the mobile gaming app allegedly failed to provide consumers with an accessible method to stop the sale of their personal information and by failing to provide sufficient privacy protections for children. As part of the settlement, the mobile gaming app will pay $1.4 million in civil penalties.

Maryland AG Obtains Final Order Against Home Builders for Alleged Failure to Provide Services. On November 17, the Maryland AG’s office announced that it had obtained a Final Order against a home building company and its owners for allegedly violating the Consumer Protection Act by misappropriating consumer funds and failing to provide services that consumers had already paid for. The Final Order requires the home building company to refund consumers and pay over $300,000 in civil penalties. The Final Order also prohibits the company and its owners from operating in Maryland unless they first post a $500,000 bond with the Consumer Protection Division.