Wiley Consumer Protection Download (May 23, 2023)

May 23, 2023

Regulatory Announcements
Recent Enforcement Actions
Upcoming Comment Deadlines and Events
More Analysis from Wiley

Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap key enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs, and webinars with more analysis in these areas. We understand that keeping on top of the rapidly evolving regulatory landscape is more important than ever for businesses seeking to offer new and groundbreaking technologies. Please reach out if there are other topics you’d like to see us cover or for any additional information.

To subscribe to this newsletter, click here.

Regulatory Announcements

FTC Holds May 2023 Open Commission Meeting; Releases Biometric Policy Statement and Notice of Proposed Rulemaking on the Health Breach Notification Rule. On May 18, the FTC held its monthly virtual Open Commission Meeting. During the meeting, the FTC unanimously voted to issue (1) a Policy Statement on Biometric Information and Section 5 of the FTC Act (Policy Statement); and (2) a Notice of Proposed Rulemaking to Amend the Health Breach Notification Rule (HBNR NPRM). The Policy Statement provides guidance as to what biometric information collection and use practices the FTC may consider to be “unfair or deceptive” under Section 5 of the FTC Act. Among other things, the Policy Statement adopts a broad definition of “biometric information” that includes both unique biometric identifiers (like a fingerprint or faceprint) and “images, descriptions, or recordings” of individuals. The Policy Statement also details the FTC’s view of “new and increasing risks” regarding the use of biometric information technologies, and factors the FTC will consider in reviewing biometric-relate practices. We summarized the Policy Statement in greater detail here.

The HBNR NPRM proposes to update the HBNR to clarify the rule’s coverage of mental health apps and other technologies that collect location and browsing history data. The HBNR NPRM also proposes to clarify, among other things, that the definition of “breach of security” under the rule includes an unauthorized acquisition of identifiable health information that occurs as a result of a data security breach or an unauthorized disclosure, and therefore it would not limit reportable incidents to “cybersecurity intrusions or nefarious behavior.”

CFPB Issues Consumer Financial Protection Circular on Reopening of Closed Bank Accounts to Process a Debit. On May 10, the CFPB issued a Consumer Financial Protection Circular titled “Reopening deposit accounts that consumers previously closed.” The Circular concludes that it can constitute an unfair or deceptive act or practice under the Consumer Financial Protection Act if a financial institution “unilaterally reopens [closed] accounts to process a debit (i.e., withdrawal, ACH transaction, check) or deposit. . . .” Specifically, the Circular concludes that the practice “may impose substantial injury on consumers that that they cannot reasonably avoid and that is not outweighed by countervailing benefits to consumers or competition.” It reasons that financial institutions “frequently charge fees after they reopen an account. For example, consumers may incur penalty fees when an account that they closed is reopened by the financial institution after receiving a debit or deposit.”

Recent Enforcement Actions

FTC Sues Debt Collection Companies and Executives for Allegedly Deceptive Collection Practices. On April 24, the FTC filed complaints in the U.S. District Court for the Central District of California against SL Finance LLC and its owners Michael Castillo and Christian Castillo, and BCO Consulting Services Inc. and SLA Consulting Services Inc. and their owners Gianni Olilang, Brandon Clores, Kishan Bhakta, and Allan Radam (Defendants). The FTC’s complaints allege that the Defendants deceived consumers by falsely claiming to work with the Department of Education and enrolling consumers in fake loan repayment programs in which the Defendants kept the money intended for loan repayment. On May 2, the court granted the FTC’s motions for a temporary restraining order and asset freeze allegations against both sets of defendants.

FTC Sues VoIP Service Provider for Allegedly Facilitating Robocalls. On May 12, U.S. Department of Justice (DOJ), on behalf of the FTC, filed a complaint against XCast Labs, a national Voice over Internet Protocol (VoIP) service provider, in the U.S. District Court for the Central District of California, for alleged violations of the FTC Act and Telemarketing Sales Rule (TSR). The DOJ and FTC allege that XCast Labs failed to stop the transmission of robocalls to consumers when bad actors used its services to call consumers on the national Do Not Call List or facilitated other illegal telemarketing calls. The complaint also alleges that XCast engaged in this activity even after the FTC sent warning letters in January 2020, warning VoIP service providers that facilitating telemarketing or robocalling was illegal and would result in legal action. The complaint requests a permanent injunction and civil money penalties.

Upcoming Comment Deadlines and Events

CFPB RFI on Data Broker Business Practices. Comments on the CFPB’s RFI seeking public comments on the business practices of data brokers are due June 13. Specifically, the RFI seeks information about the business models and data collection practices of a range of entities it defines as “data brokers,” including the types of information that they collect, sell, and aggregate; the types of sources that they rely on to collect information; and the types of information that they receive from financial institutions, among other questions.

FTC to Host a Workshop on “Recyclable” Claims. The FTC will host a workshop on May 23 titled Talking Trash at the FTC: Recyclable Claims and the Green Guides. The workshop is part of its recently announced regulatory review of the Green Guides. The half-day hybrid event will cover topics including: the current state of recycling practices and advertisements, consumer perceptions of recycling-related claims, and whether the Green Guides need to be updated or revised to accommodate changes in recycling advertising. The agenda for the workshop is available here. Comments related to the issues discussed at the workshop are due June 13.

FTC RFI on Cloud Computing Industry. Comments are due June 21 (extended from May 22) on an FTC Request for Information (RFI) seeking information regarding the business practices of cloud computing providers. The RFI outlines questions on both competition and data security issues in the cloud computing industry. The RFI also notes that FTC staff is interested in cloud computing with regards to specific industries, including healthcare, finance, transportation, e-commerce, and defense.

FTC Seeking Comment on Negative Option Rule NPRM. Comments are due June 23 on the FTC’s Negative Option Rule NPRM. Negative option marketing refers to commercial transactions where sellers interpret a customer’s inaction to either reject or cancel an agreement as an acceptance of a product or service. The FTC’s current Negative Option Rule requires certain prenotification plan sellers to disclose their plan’s material terms clearly and conspicuously before consumers subscribe. Prenotification plans are those that provide periodic notices offering goods to participating consumers and subsequently send and charge for those goods if consumers take no action to decline the offers. The NPRM proposes to expand the Negative Option Rule to all forms of negative option marketing, including continuity plans, automatic renewals, and free trials in all media (e.g., telephone, Internet, traditional print media, and in-person transactions). The NPRM also would make a number of changes to the Negative Option Rule, including requiring negative option plan sellers to provide a one-click opt-out mechanism for current subscription customers; adding opt-in requirements for negative option plan sellers seeking to make new offers to customers; and implementing a requirement that negative option plan sellers must, on an annual basis, remind customers enrolled in subscription services involving anything other than physical goods about the current subscription before it is renewed.

FTC to Host Workshop on Proposed Changes to the Funeral Rule. On September 7, the FTC will host a public workshop on the changes to its Funeral Rule proposed in its Advance Notice of Proposed Rulemaking. The workshop will cover a number of topics including, among other things, online or electronic disclosures of price information, the general price list required by the Funeral Rule, and whether funeral providers should be required to give out general price lists in languages other than English. The public can submit comments on the topics to be covered in the workshop until October 10. Instructions for filing comments will be published in the Federal Register.

More Analysis from Wiley

Wiley Wins Four Law360 ‘Practice Group of the Year’ Awards for 2022

FTC Issues Policy Statement on Biometric Information, Signaling a New Enforcement Priority

FTC Joins the Cloud Security Discussion

5 Takeaways From Recent CFPB, FTC Equal Credit Push

State Privacy Update: California Finalizes New CCPA Regulations and Iowa Becomes the Sixth State to Adopt Comprehensive Privacy Legislation

State Privacy Update: A New Omnibus Privacy Law Passes in Iowa, Colorado Finalizes Privacy Rules

NTIA Seeks Comment on AI Accountability

Podcast: AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework

FTC Proposes New Rule to Broadly Ban Non-Compete Agreements

FTC Requests Comment on Potential Revisions to Green Guides

Webinar: Staying Ahead of State Privacy Laws: Tips and Best Practices for Building Compliant Strategies for Five Key States

Podcast: State Privacy Laws and Federal Government Contractors

California Moves Closer to Finalizing Updated CCPA Regulations and Launching a New Rulemaking for Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking

CISA Seeks Comments on New Security Attestation for Software Procurements

NIST Releases AI Risk Management Framework, Expected to Be a Critical Tool for Trustworthy AI Deployment

New York Law Will Regulate Consumer Device Repair Options: What the Digital Fair Repair Act Means for the Consumer Electronics Industry

California Age-Appropriate Design Code Act to Impose Significant New Requirements on Businesses Providing Online Services, Products, or Features

An Introduction to the California Age-Appropriate Design Code

West Virginia v. EPA and the Future of Tech Regulation

Cyber Spotlight: Wiley Tackles White House’s National Cybersecurity Strategy and Other Developments

Webinar: Transactional Due Diligence Related to Privacy and Cybersecurity

Webinar: FTC’s Revised Safeguards Rule: How to Navigate New Information Security Requirements

Duane Pozza Named a Cryptocurrency and Fintech ‘Trailblazer’ by The National Law Journal

U.S. State Privacy Law Guide

Legal 500 US Recognizes Wiley’s Telecom, Media & Technology Practice as Tier 1. Read more here.

Download Disclaimer: Information is current as of May 23, 2023. This document is for informational purposes only and does not intend to be a comprehensive review of all proceedings and deadlines. Deadlines and dates are subject to change. Please contact us with any questions.

Read Time: 9 min
Jump to top of page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.