Newsletter May 21, 2025

Wiley Consumer Protection Download (May 21, 2025)

May 21, 2025

Federal and State Regulatory Announcements
Select Federal Enforcement Actions
Select State Enforcement Actions
Upcoming Comment Deadlines and Events
More Analysis from Wiley

Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Federal Trade Commission (FTC), Consumer Financial Protection Bureau (CFPB), and at the state level.

Wiley also has launched a Trump Administration Resource Center and Resource Guide to track Executive branch priorities during the second Administration of President Trump. With Wiley’s deep-rooted understanding of Washington and today’s evolving regulatory landscape, the Resource Center and Resource Guide provide critical insights, actionable intelligence, practical solutions, and guidance across key industries to help businesses stay ahead of the curve and manage challenges in 2025 and beyond. Please reach out to any of our authors with any questions about recent Trump Administration actions and the potential impact on regulations or enforcement activity.

To subscribe to this newsletter, click here.

Federal and State Regulatory Announcements

FTC Postpones “Click-to-Cancel” Rule Compliance Deadline to July 14. On May 9, the FTC voted to defer the compliance deadline for the amended Negative Option Rule, or “Click to Cancel” Rule, from May 14, 2025 to July 14, 2025. The Click-to-Cancel Rule, which we summarize here, requires companies to provide a “simple mechanism” to cancel a negative option or subscription feature. The amended Rule also requires companies to make certain disclosures and obtain consumer express informed consent before charging a consumer for the negative option. “To ensure ample time for companies to conform their conduct to the Rule,” regulated entities now have until July 14 to comply with §§ 425.4 through 425.6 of the Rule, which detail cancellation, disclosure, and consent requirements.

CFPB Withdraws Proposed FCRA “Data Broker” Rule. On May 15, the CFPB withdrew its Notice of Proposed Rule titled “Protecting Americans from Harmful Data Broker Practices (Regulation V).” The CFPB stated that it withdrew the Proposed Rule because it did not align with the Bureau’s current interpretation of the Federal Credit Reporting Act (FCRA). The Proposed Rule, which we summarized here, would have expanded the scope of the FCRA by amending the definitions of “consumer report” and “consumer reporting agency” in the FCRA’s implementing Regulation V to cover additional activities or entities that share consumer information. The Proposed Rule would have also amended certain restrictions to the use of de-identified consumer report data and established new standards for obtaining consumer consent.

CFPB Withdraws Proposed Interpretive Rule on EFTA Applicability and Issues RFI on Consumer Payment Data. On May 15, the CFPB withdrew a Notice of Proposed Interpretive Rule that sought to clarify the existing statutory and regulatory requirements governing electronic fund transfers (EFTs). Specifically, the proposed interpretive rule provided a framework for determining when the Electronic Fund Transfer Act (EFTA) and Regulation E – which give consumers the right to dispute transactions that are potentially fraudulent – would apply to new and emerging digital payment mechanisms. In withdrawing the Notice of Proposed Interpretive Rule, the CFPB stated that the proposal “does not align with current agency needs, priorities, or objectives.”

CFPB Withdraws Proposed Rule to Restrict Certain Contractual Clauses in Consumer Financial Product and Service Agreements. On May 15, the CFPB withdrew a Notice of Proposed Rulemaking (NPRM) that would have prohibited certain contractual provisions in agreements for consumer financial products or services. Specifically, the proposed rule would have prohibited covered persons from including any terms or conditions that purport to waive substantial consumer legal rights and protections (or their remedies) granted by state or federal law, “including protections for servicemembers, laws prohibiting elder fraud, and accountability for corporate lawbreaking.” In withdrawing the NPRM, the CFPB stated that the proposal “is largely duplicative of the [FTC’s] Credit Practices Rule.”

CFPB Withdraws an Array of Interpretive Rules, Policy Statements, and Advisory Opinions. On May 12, the CFPB announced the withdrawal of a wide range of CFPB interpretive rules, policy statements, advisory opinions, and other guidance pertaining to, among other authorities, the agency’s regulatory and enforcement authority under the CFPA, Equal Credit Opportunity Act, FCRA, EFTA, Truth in Lending Act. The CFPB notes that “such withdrawal is not necessarily final” and that the agency “intends to continue reviewing all guidance documents to determine whether they should ultimately be retained.”

FTC Chairman Testifies Before House Appropriations Committee. On May 15, FTC Chairman Andrew Ferguson testified before the House Appropriations Committee’s Financial Services and General Government Subcommittee to discuss the FTC’s budget and FY 2026 priorities. He noted that the agency has already reduced spending by downsizing its workforce from 1,315 to 1,221 personnel with plans for additional reductions. In summarizing the FTC’s consumer protection efforts, the testimony highlighted a number of notable priorities. Among other things, the Chairman noted the FTC is preparing to enforce the Better Online Ticket Sales Act (BOTS Act), it is making efforts to fight fraud, and it is focused on “Big Tech” approaches to free speech online (as discussed here). The testimony also noted the Commission is preparing to enforce the recently enacted Take It Down Act, which we discuss here, which requires platforms to remove posts including non-consensual intimate images.

FTC Warns Ticket Reseller of Potential Noncompliance with Fees Rule. On May 14, the FTC sent a letter to a ticket reseller warning the company that it may be violating certain provisions of the Rule on Unfair or Deceptive Fees (Fees Rule) by misrepresenting the price of tickets on its website. The letter encourages the ticket reseller to bring all offers, displays, and advertisements into compliance and instructs the company to suspend the destruction of any documents that may be relevant to the subject matter of the letter. The Fees Rule, which took effect on May 12, requires covered businesses to disclose the “total price” of a live ticket event, which is defined as “the maximum total of all fees or charges a consumer must pay for the good(s) or service(s) and any mandatory ancillary good or service.”

CFPB Deprioritizes Enforcement of Buy Now, Pay Later Loans. On May 6, the CFPB announced that it will not prioritize enforcement actions of the Truth in Lending Act (Regulation Z) involving Buy Now, Pay Later (BNPL) products and services. BNPL is a short-term financing option that allows customers to purchase items and make payments over time in installments. The BNPL Interpretive Rule stated that lenders that issue BNPL credit are “card issuers” under Regulation Z and are therefore subject to the regulations in subpart B of Regulation Z, including those provisions governing credit card dispute and refund rights. The CFPB also announced that it is contemplating actions to rescind the BNPL Interpretive Rule.

Select Federal Enforcement Actions

FTC Order Bans Student Loan Debt Relief Company from the Debt Relief Industry for Alleged Violations of the FTC Act, TSR, and the Impersonation Rule. On May 14, the U.S. District Court for the Central District of California issued an order for permanent injunction and monetary judgment banning a student loan debt relief company from the debt relief industry for alleged violations of the FTC Act, the Telemarketing Sales Rule (TSR), and the Impersonation Rule. According to the FTC’s complaint in the case, the student debt relief company misled consumers into paying fees toward fabricated student loan forgiveness programs, falsely claimed that consumers were guaranteed loan forgiveness and that the program would reduce their loan payments, pretended to be affiliated with the U.S. Department of Education, and charged more than $16.7 million in advance fees that violated the TSR. In addition to the ban from the debt relief industry, the order also imposes, among other things, a $16.8 million monetary judgment, which has been partially suspended due to an inability to pay.

FTC Settles with AI Entrepreneurial Training Business Over Alleged Violations of the Business Opportunity Rule and the CRFA. On May 8, the U.S. District Court for the Eastern District of Pennsylvania issued a stipulated order for permanent injunction, monetary judgement, and other relief banning an artificial intelligence (AI) entrepreneurial training company from selling business opportunities. According to the FTC’s complaint, the company violated the Business Opportunity Rule by, among other things, misrepresenting the income or profits that previous purchasers or prospective purchasers have earned or may earn, failing to provide an earnings claim statement to prospective purchasers, and failing to provide prospective purchasers with a disclosure document. The complaint also alleged that the company violated the Consumer Review Fairness Act (CRFA) by offering form contracts to prospective purchasers that prohibit or restrict the ability of the prospective purchasers from reviewing or reporting the company’s practices. In addition to banning the company from selling business opportunities, the stipulated order also obligates the company to turn over assets to be used for consumer refunds, and to pay a $9,786,124 civil penalty, which has been partially suspended due to an inability to pay.

Select State Enforcement Actions

Maryland AG Announces Settlement with Online Retailer Over Alleged Deceptive Marketing. On May 8, the Maryland AG announced a settlement with an online retailer over alleged violations of the Restore Online Shoppers’ Confidence Act and Maryland Consumer Protection Act. Specifically, the AG alleged that the retailer deceptively marketed intimate apparel without disclosing to consumers they would be enrolled in a membership program and subject to monthly fees upon accepting such discount. Under the settlement, the retailer will issue refunds to Maryland consumers who never used their memberships and will pay the AG $250,000.

Texas AG Notifies Chinese Technology Companies of Alleged Violations of TDPSA. On May 6, the Texas AG announced that it is giving three Chinese technology companies 30 days to comply with the Texas Data Privacy and Security Act (TDPSA) or face a potential enforcement action. The TDPSA requires companies to “disclose whether they process consumer data, allow consumers to opt out of data collection, and enable consumers to delete their personal data entirely.”

Upcoming Events and Comment Deadlines

FTC Seeks Comments on Tech Content Moderation. Comments are due May 21, 2025 on a Request for information (RFI) on tech content moderation policies to better understand how technology platforms may “deny or degrade” access to services. The RFI, which we summarize here, seeks public comments on “how consumers may have been harmed by technology platforms that limited their ability to share ideas or affiliations freely and openly.” While the RFI does not announce any investigations or enforcement actions, it specifically notes that “[c]omments submitted in response to this RFI could inform the FTC’s enforcement priorities and future actions.”

FTC Announces Agenda for Workshop to Examine Impact of “Big Tech” Practices on Kids and Families. The FTC will hold a virtual workshop on June 4, 2025 to “discuss how Big Tech companies impose addictive design features, erode parental authority, and fail to protect children from exposure to harmful content.” The workshop, titled “The Attention Economy: How Big Tech Firms Exploit Children and Hurt Families,” will feature parents, child safety experts, and government leaders. Experts will discuss potential approaches to protect kids online, including age verification and parental consent requirements. Chairman Andrew Ferguson and Commissioners Melissa Holyoak and Mark Meador plan to deliver remarks, along with Senators Marsha Blackburn (R-TN) and Katie Britt (R-AL). The full agenda and registration details can be found here.

CFPB Proposes to Withdraw Determination to Invoke Supervisory Authority Over Nonbank Companies. Comments are due June 13 on the CFPB’s proposal to withdraw a Procedural Rule that allows the CFPB to invoke its supervisory authority over certain nonbank financial companies that are not otherwise subject to its jurisdiction. The Procedural Rule explains that Section 1091 of the CFPA provides that the CFPB may supervise a nonbank entity that the agency “has reasonable cause to determine, by order, after notice to the covered person and a reasonable opportunity for such covered person to respond ... is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.” The CFPB had previously focused its nonbank supervisory authority on companies in the mortgage, private loan, and payday loan industries, and certain larger companies in the consumer reporting, debt collection, student loan servicing, international remittances, and auto loan servicing industries.

CFPB Proposes to Rescind Nonbank “Repeat Offender” Registry Rule. Comments are due June 13, 2025 on the CFPB’s proposal to rescind its Rule requiring certain nonbank financial institutions subject to final court or agency enforcement orders or consent decrees to report the existence of such orders to the CFPB and to file annual reports. The proposal cites the CFPB’s concern that “the costs the rule imposes on regulated entities, and which may in large part be passed onto consumers, are not justified by the speculative and unquantified benefits to consumers.”