InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
E-commerce company fined $25 million for alleged COPPA violations
On July 19, the DOJ and FTC announced that a global e-commerce tech company has agreed to pay a penalty for alleged privacy violations related to its smart voice assistant’s data collection and retention practices. The agencies sued the company at the end of May for violating the Children’s Online Privacy Protection Act Rule and the FTC Act, alleging it repeatedly assured users that they could delete collected voice recordings and geolocation information but actually held onto some of this information for years to improve its voice assistant’s algorithm, thus putting the data at risk of harm from unnecessary access. (Covered by InfoBytes here.)
The stipulated order requires the company to pay a $25 million civil money penalty. The order also imposes injunctive relief requiring the company to (i) identify and delete any inactive smart voice assistant children’s accounts unless requested to be retained by a parent; (ii) notify parents whose children have accounts about updates made to its data retention and deletion practices and controls; (iii) cease making misrepresentations about its “retention, access to or deletion of geolocation information or voice information, including children’s voice information” and delete this information upon request of the user or parent; and (iii) disclose its geolocation and voice information retention and deletion practices to consumers. The company must also implement a comprehensive privacy program specific to its use of users’ geolocation information.
CFPB alleges UDAAP violations by “lease-to-own” financer
On July 19, the CFPB announced it is suing a lease-to-own finance company that provides services that allows consumers, typically with limited access to traditional forms of credit for their financing, to finance merchandise or services over a 12-month period. According to the complaint, the Bureau claims that once a consumer falls behind on payments, the company’s purchase agreement essentially “lock[s] [consumers] into the 12-month schedule—even if they want to return or surrender their financed merchandise.” The alleged violations include:
- Misleading consumers. The company is accused of designing and implementing its financing program in a way that misleads consumers by using print advertisements featuring the phrase “100 Day Cash Payoff” without including details of the purchase agreement financing. The company is accused of misrepresenting that consumers could not terminate their agreement, that consumers could not return their merchandise, and that the “best” or “only” option for consumers who no longer want to finance their merchandise is to enter a “buy-back” agreement. The Bureau alleges that such conduct, among other things, violated the CFPA's prohibition on deceptive and abusive acts and practices.
- Unlawful conditioning of credit extension. The company is accused of violating the EFTA and its implementing Regulation E by allegedly improperly requiring consumers to repay credit through preauthorized automated clearing house debits.
- Failing to establish reasonable policies concerning consumer information. The Bureau alleges that the company violated the FCRA and its implementing Regulation V by not having adequate written policies and procedures to ensure the accuracy and integrity of consumer information that it furnished, considering the company’s “size, complexity, and scope.”
The Bureau seeks, among other things, injunctions to prevent future violations, rescission or reformation of the company's financing agreements, redress to consumers, and civil money penalties.
Feds, states launch “Operation Stop Scam Calls”
On July 18, the FTC, along with over 100 federal and state law enforcement partners nationwide, including the DOJ, FCC, and attorneys general from all 50 states and the District of Columbia, announced a new initiative to combat illegal telemarketing calls, including robocalls. The joint initiative, “Operation Stop Scam Calls,” targets telemarketers and the companies that hire them, lead generators that provide consumers’ telephone numbers to robocallers and others who falsely represent that consumers consented to receive the calls. The initiative also targets Voice over Internet Protocol (VoIP) service providers that facilitate illegal robocalls, many of which originate overseas.
In connection with Operation Stop Scam Calls, the FTC has initiated five new cases against companies and individuals allegedly responsible for distributing or assisting in the distribution of illegal telemarketing calls to consumers across the country. According to the announcement, the actions reiterate the FTC’s position “that third-party lead generation for robocalls is illegal under the Telemarketing Sales Rule (TSR) and that the FTC and its partners are committed to stopping illegal calls by targeting anyone in the telemarketing ecosystem that assists and facilitates these calls, including VoIP service providers.” The announcement also states that more than 180 enforcement actions and other initiatives have been taken by 48 federal and 54 state agencies as part of Operation Stop Scam Calls.
Among the new actions announced a part of Operation Stop Scam Calls is a complaint filed against a “consent farm” lead generator, which allegedly uses “dark patterns” to collect consumers’ broad agreement to provide their personal information and receive robocalls and other marketing solicitations through a single click of a button or checkbox via its websites. Under the terms of the proposed order, the defendant would be required to pay a $2.5 million civil penalty and would be banned from engaging in, assisting, or facilitating robocalls. The defendant would also be required to implement measures to limit its lead generation practices, establish systems for monitoring its own advertising and that of its affiliates, comply with comprehensive disclosure requirements concerning the collection of consumers’ consent to the sale of their information, and delete all previously collected consumer information.
Other actions were taken against a California-based telemarketing lead generator, a telemarketing company that provides soundboard calling services to clients who use robocalls to sell a range of products and services, a New Jersey-based telemarketing outfit that placed tens of millions of calls to consumers whose numbers are listed on the National Do Not Call Registry, and Florida-based defendants accused of assisting and facilitating the transmission of roughly 37.8 million illegal robocalls by providing VoIP services to over 11 foreign telemarketers.
FTC fines company $7.8 million over health data and third-party advertisers
On July 14, the FTC finalized an order against an online counseling service, requiring it to pay $7.8 million and prohibiting the sharing of consumers’ health data for advertising purposes. The FTC alleged that the respondent shared consumers’ sensitive health data with third parties despite promising to keep such information private (covered by InfoBytes here). The FTC said it will use the settlement funds to provide partial refunds to affected consumers. The order not only bans the respondent from disclosing health data for advertising and marketing purposes but also prohibits the sharing of consumers’ personal information for re-targeting. The order also stipulates that the respondent must now obtain consumers’ affirmative express consent before disclosing personal information, implement a comprehensive privacy program with certain data protection measures, instruct third parties to delete shared data, and adhere to a data retention schedule.
Illinois Supreme Court declines to reconsider BIPA accrual ruling
On July 18, the Illinois Supreme Court declined to reconsider its February ruling, which held that under the state’s Biometric Information Privacy Act (BIPA or the Act), claims accrue “with every scan or transmission of biometric identifiers or biometric information without prior informed consent.” Three justices, however, dissented from the denial of rehearing, writing that the ruling leaves “a staggering degree of uncertainty” by offering courts and defendants little guidance on how to determine damages. The putative class action stemmed from allegations that the defendant fast food chain violated BIPA sections 15(b) and (d) by unlawfully collecting plaintiff’s biometric data and disclosing the data to a third-party vendor without first obtaining her consent. While the defendant challenged the timeliness of the action, the plaintiff asserted that “a new claim accrued each time she scanned her fingerprints” and her data was sent to a third-party authenticator, thus “rendering her action timely with respect to the unlawful scans and transmissions that occurred within the applicable limitations period.”
In February, a split Illinois Supreme Court held that claims accrue under BIPA each time biometric identifiers or biometric information (such as fingerprints) are scanned or transmitted, rather than simply the first time. (Covered by InfoBytes here.) The dissenting judges wrote that they would have granted rehearing because the majority’s determination that BIPA claims accrue with every transmission “subvert[s] the intent of the Illinois General Assembly, threatens the survival of businesses in Illinois, and consequently raises significant constitutional due process concerns.” The dissenting judges further maintained that the majority’s February decision is confusing and lacks guidance for courts when determining damages awards. While the majority emphasized that BIPA does not contain language “suggesting legislative intent to authorize a damages award that would result in the financial destruction of a business,” it also said that it continues “to believe that policy-based concerns about potentially excessive damage awards under [BIPA] are best addressed by the legislature,” and that it “respectfully suggest[s] that the legislature review these policy concerns and make clear its intent regarding the assessment of damages under [BIPA].”
Agencies charge crypto platform and former executives
On July 13, the FTC announced a proposed settlement to resolve allegations that a crypto platform engaged in unfair and deceptive acts or practices in violation of the FTC Act. The FTC also alleges that the defendants violated the Gramm-Leach-Bliley Act by acquiring customer information from a financial institution regarding someone else by providing false or misleading statements. The New Jersey-based crypto company offers various cryptocurrency products and services to customers, such as interest-bearing accounts, personal loans backed by cryptocurrency deposits, and a cryptocurrency exchange. On the heels of its bankruptcy filing in July 2022, the FTC lodged a complaint in federal court alleging that three former executives falsely promised that deposits would be “safer” than bank deposits and always available for withdrawal, and that the platform posed “no risk” or “minimal risk.”
The proposed stipulated order imposes a $4.72 million judgment against the corporate defendants, which is suspended based on their financial condition. The order also bans the corporate defendants from, among other things, “advertising, marketing, promoting, offering, or distributing, or assisting in the advertising, marketing, promoting, offering, or distributing of any product or service that can be used to deposit, exchange, invest, or withdraw assets, whether directly or through an intermediary.”
Other agencies also took action against the company and its former CEO on the same day, including the SEC, which alleges the company sold unregistered crypto asset securities in one of its program offerings. The SEC’s complaint further alleges the company made false and misleading statements and engaged in market manipulation. Additionally, the DOJ unsealed an indictment charging the former CEO and the company’s former chief revenue officer with conspiracy, securities fraud, market manipulation, and wire fraud for illicitly manipulating the price of the company’s token. Additionally, the CFTC filed a civil complaint charging the company and former CEO with fraud and material misrepresentations in connection with the operation of the company’s digital asset-based finance platform. The CFTC alleges the company operated as an unregistered commodity pool operator (CPO), and its former CEO operated as an unregistered associated person of a CPO. The complaint also accuses the former CEO of violating the Commodity Exchange Act and CFTC regulations, among other things. According to the press release, the company agreed to resolve the complaint, while the former CEO is continuing litigation.
SEC awards whistleblower $9 million
On July 12, the SEC announced a whistleblower award totaling approximately $9 million to a claimant who provided information and assistance that led to a successful enforcement action. According to the redacted order, the claimant “repeatedly raised concerns internally” and “provided highly significant and detailed information that alerted enforcement staff to the underlying conduct, prompting the opening of the investigation.” The claimant then “provided critical and ongoing assistance throughout the investigation, including meeting with [e]nforcement staff multiple times.” As a result of that information and assistance, “millions of dollars have been returned to harmed investors.”
CFPB, states sue company over deceptive student lending and collection
On July 13, the CFPB joined state attorneys general from Washington, Oregon, Delaware, Minnesota, Illinois, Wisconsin, Massachusetts, North Carolina, South Carolina, and Virginia in taking action against an education firm accused of engaging in deceptive marketing and unfair debt collection practices. California’s Department of Financial Protection and Innovation is participating in the action as well. Prior to filing for bankruptcy, the Delaware-based defendant operated a private, for-profit vocational training program for software sales representatives. The joint complaint, filed as an adversary proceeding in the firm’s bankruptcy case, alleges that the defendant charged consumers up to $30,000 for its programs. The complaint further alleges that the defendant encouraged consumers who could not pay upfront to enter into income share agreements, which required minimum payments equal to between 12.5 and 16 percent of their gross income for 4 to 8 years or until they had paid a total of $30,000, whichever came first.
The complaint asserts that the defendant engaged in deceptive practices by misrepresenting its income share agreement as not a loan and not debt, and mislead borrowers into believing that no payments would need to be made until they received a job offer from a technology company with a minimum annual income of $60,000. The defendant is also accused of failing to disclose important financing terms, such as the amount financed, finance charges, and annual percentage rates, as required by TILA and Regulation Z. The complaint also claims that the defendant hired two debt collection companies to pursue collection activities on defaulted income share loans. One of the defendant debt collectors is accused of engaging in unfair practices by filing debt collection lawsuits in remote jurisdictions where consumers neither resided nor were physically present when the financing agreements were executed. The complaint further alleges the two defendant debt collectors violated the FDCPA and the CFPA by deceptively inducing consumers into settlement agreements and falsely claiming they owed more than they did.
According to the Bureau and the states, after the Delaware Department of Justice and Delaware courts began scrutinizing the debt collection lawsuits, the defendant unilaterally changed the terms of its contracts with consumers to force them into arbitration even though none of them had agreed to arbitrate their claims. Additionally, the complaint contends that settlement agreements marketed as being “beneficial” to consumers actually released consumers’ claims against the defendant and converted income share loans into revised “settlement agreements” that obligated them to make recurring monthly payments for several years and contained burdensome dispute resolution and collection terms.
The complaint seeks permanent injunctive relief, monetary relief, consumer redress, and civil money penalties. The CFPB and states are also seeking to void the income share loans.
District Court orders individual to pay $148 million in student debt-relief scam
On July 7, the U.S. District Court for the Central District of California entered a final judgment and order against an individual defendant accused of operating and controlling a deceptive student loan debt relief operation. As previously covered by InfoBytes, in 2019, the CFPB, along with the Minnesota and North Carolina attorneys general and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student loan borrowers. The Bureau and the states alleged that since at least 2015, the debt relief operation violated the Consumer Financial Protection Act (CFPA), Telemarketing Sales Rule (TSR), FDCPA, and various state laws by charging and collecting over $95 million in illegal advance fees from student loan borrowers. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by misrepresenting the purpose and application of the fees they charged and the nature and benefits of their services. Specifically, the debt relief operation allegedly failed to inform borrowers that, among other things, (i) they would request that the loans be placed in forbearance and interest would continue to accrue during the forbearance period, thereby increasing the borrowers’ overall loan balances; and (ii) it was their practice to submit false information about the borrowers to student loan servicers to try to qualify borrowers for lower monthly payments. The individual defendant was accused of owning, controlling, and managing the student loan debt relief operation, materially participating in the operation’s affairs, and providing substantial assistance or support while knowing or consciously avoiding knowledge that the operation was engaging in illegal conduct.
The individual defendant was held liable, jointly and severally, in the amount of approximately $95,057,757, for the purpose of providing redress to affected borrowers. Because the individual defendant was found to have recklessly violated the TSR and the CFPA, the court also imposed second-tier civil monetary penalties of $147,985,000 to the Bureau, of which $5,000 will be paid to each state. The final judgment also imposes various forms of injunctive relief, including permanent bans on engaging in consumer financial products or services and violating the TSR, CFPA, and similar laws in Minnesota, North Carolina, and California. The individual defendant is also prohibited from disclosing, using, or benefiting from customer information obtained in connection with the offering or providing of the debt relief services, and may not “attempt to collect, sell, assign, or otherwise transfer any right to collect payment from any consumer who purchased or agreed to purchase” a debt relief service from any of the defendants.
Highlights from the CFPB’s 2022 fair lending report
On June 29, the CFPB issued its annual fair lending report to Congress which outlines the Bureau’s efforts in 2022 to fulfill its fair lending mandate. Much of the Bureau’s work in 2022 was directed towards unlawful discrimination in the home appraisal industry and addressing redlining. According to the report, the CFPB also honed its efforts on factors that influence fair access to credit which included insight into factors affecting consumers’ credit profiles. The report highlights one fair lending enforcement action from 2022, where the CFPB and DOJ filed a joint complaint and proposed consent order against a company for allegedly violating ECOA, Regulation B, and the CFPA by discouraging prospective applicants from applying for credit. Notably, the Bureau notes that under section 704 of ECOA, it must refer any cases with instances of a creditor being believed to have engaged in a “pattern or practice of lending discrimination” to the DOJ. According to the report, the FDIC, NCUA, Federal Reserve Board, and CFPB collectively made 23 such referrals to the DOJ in 2022, a 91 percent increase from 2020. Five of the 23 matters were sent by the CFPB, four of which involved alleged racial discrimination in redlining, and one involving alleged discrimination in underwriting based on receipt of public assistance income. The report also discusses the CFPB’s risk-based prioritization process that resulted in initiatives concerning small business lending, policies and procedures on exclusions in underwriting, and the use of artificial intelligence. Moving forward, the Bureau will continue its collaborative approach with other agencies and prioritize areas such as combating bias in home appraisals, redlining, and the use of advanced technologies in financial services. Additionally, the report states that by focusing on restorative outcomes, comprehensive remedies, and equal economic opportunities, the CFPB aims to create a fair, equitable, and nondiscriminatory credit market for consumers.