InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Washington increases fines for Consumer Protection Improvement Act violations
On May 10, the Washington governor signed into law SB 5025, a bill that increases fines for unfair methods of competition and unfair or deceptive acts or practices under the state’s Consumer Protection Improvement Act (Act). Among other things, the bill (i) increases the maximum civil penalty for persons who violate the terms of any injunction issued under the Act from $25,000 to $125,000; (ii) increases the maximum civil penalty for violations of RCW 19.86.030 or 19.86.040 to $180,000 for individuals (previously $100,000) and $900,000 for persons other than individuals (previously $500,000); (iii) increases the maximum civil penalty for violations of RCW 19.86.020 to $7,500 from $2,000; and (iv) provides that unlawful acts or practices targeting or impacting individuals or communities based on characteristics including “age, race, national origin, citizenship or immigration status, sex, sexual orientation, presence of any sensory, mental, or physical disability, religion, veteran status, or status as a member of the armed forces” carry an enhanced penalty of $5,000. Additionally, by December 1, 2022, the Washington attorney general is required to “evaluate the efficacy of the maximum civil penalty amounts established in this section in deterring violations of the consumer protection act and the difference, if any, between the current penalty amounts and the penalty amounts adjusted for inflation, and provide the legislature with a report of its findings and any recommendations.” The Act goes into effect July 25.
FCC issues $4.1 million fine for deceptive robocalls
On April 22, the FCC imposed a $4.1 million fine against a phone carrier for allegedly impersonating other carriers in telemarketing calls and deceiving consumers into changing carriers without consent. The FCC first proposed the fine in 2018 after the agency, state regulators, and the Better Business Bureau received many complaints about this conduct. According to the FCC, the company’s “actions specifically harmed elderly and infirm consumers who, in some cases, were left without telephone service for extended periods of time while the company refused to reinstate service until the unauthorized charges were paid in full.” FCC acting Chairwoman Jessica Rosenworcel issued a statement condemning the “ugly scam” as a violation of the Communications Act, and warned: “To anyone else using our nation’s phone systems to perpetuate this kind of scam, take note because our efforts won’t stop here.”
FTC testifies on combating Covid-19 scams
On April 27, FTC staff testified on behalf of the Commission before the Senate Commerce Committee’s Subcommittee on Consumer Protection, Product Safety, and Data Security, briefing lawmakers on the FTC’s efforts to protect consumers from scams and frauds connected to the Covid-19 pandemic. During the testimony, presented by acting Director of the Bureau of Consumer Protection Daniel Kaufman, the FTC highlighted that the agency filed more than a dozen law enforcement actions, led the elimination of deceptive claims made by more than 350 companies, and released more than 100 alerts to update consumers and businesses on identifying and avoiding these schemes. According to the testimony, the FTC responded rapidly to identify and stop schemes that have proliferated during the pandemic in response to the demand for scarce goods, to peddle potential treatments and cures, and to exploit consumers’ and businesses’ financial hardships during the crisis. Acting Director Daniel Kaufman noted that “the FTC issued its first warnings to consumers about COVID-19 related scams in February 2020, even before the declaration of a national emergency.” Additionally, the FTC has brought enforcement actions to protect consumers’ privacy and data from digital harms amplified by the ongoing pandemic, and has partnered with the CFPB to ensure “that renters are not subjected to unlawful practices in light of the eviction crisis caused by COVID-19.” The testimony also pointed out that the FTC has received more than 436,000 reports concerning fraud, identity theft, and other consumer problems since January 2020, reflecting $399 million in fraud losses.
FTC provides AI guidance
On April 19, the FTC’s Bureau of Consumer Protection wrote a blog post identifying lessons learned to manage the consumer protection risks of artificial intelligence (AI) technology and algorithms. According to the FTC, over the years the Commission has addressed the challenges presented by the use of AI and algorithms to make decisions about consumers, and has taken many enforcement actions against companies for allegedly violating laws such as the FTC Act, FCRA, and ECOA when using AI and machine learning technology. The FTC stated that it has used its expertise with these laws to: (i) report on big data analytics and machine learning; (ii) conduct a hearing on algorithms, AI, and predictive analytics; and (iii) issue business guidance on AI and algorithms. To assist companies navigating AI, the FTC has provided the following guidance:
- Start with the right foundation. From the beginning, companies should consider ways to enhance data sets, design models to account for data gaps, and confine where or how models are used. The FTC advised that if a “data set is missing information from particular populations, using that data to build an AI model may yield results that are unfair or inequitable to legally protected groups.”
- Watch out for discriminatory outcomes. It is vital for companies to test algorithms—both prior to use and periodically after that—to prevent discrimination based on race, gender, or other protected classes.
- Embrace transparency and independence. Companies should consider how to embrace transparency and independence, such as “by using transparency frameworks and independent standards, by conducting and publishing the results of independent audits, and by opening. . . data or source code to outside inspection.”
- Don’t exaggerate what your algorithm can do or whether it can deliver fair or unbiased results. Under the FTC Act, company “statements to business customers and consumers alike must be truthful, non-deceptive, and backed up by evidence.”
- Data transparency. In the FTC guidance on AI last year, as previously covered by InfoBytes, an advisory warned companies to be careful about how they get the data that powers their models.
- Do more good than harm. Companies are warned that if their models cause “more harm than good—that is, in Section 5 parlance, if it causes or is likely to cause substantial injury to consumers that is not reasonably avoidable by consumers and not outweighed by countervailing benefits to consumers or to competition—the FTC can challenge the use of that model as unfair.”
- Importance of accountability. The FTC warns of the importance of being transparent and independent and cautions companies to hold themselves accountable or the FTC may do it for them.
FTC brings first action under Covid-19 Consumer Protection Act
On April 15, the FTC announced a civil complaint filed by the DOJ on its behalf, against a St. Louis-based company and its owner for violating the Covid-19 Consumer Protection Act and the FTC Act by making deceptive marketing health claims about their products. (See also DOJ press release here.) This is the first action the FTC has brought under the new law, which makes it unlawful under Section 5 of the FTC Act “for any person, partnership, or corporation to engage in a deceptive act or practice in or affecting commerce . . . that is associated with the treatment, cure, prevention, mitigation, or diagnosis of COVID–19” or “a government benefit related to COVID–19.” The FTC’s complaint alleges that the defendants deceptively marketed their products as being an effective treatment for Covid-19 based on the results of certain scientific studies, even though they “lacked any reasonable bases” for their claims. According to the FTC’s announcement, the defendants also allegedly advertised—without scientific support—that their products were equally, or more, effective than the currently available vaccines. The FTC seeks an injunction against the defendants, along with monetary penalties and other civil remedies to prevent harm caused by the defendants’ misrepresentations.
FTC highlights Covid-19 consumer protection efforts
On April 19, the FTC issued a staff report highlighting the Commission’s efforts to protect consumers during the continuing Covid-19 pandemic. The report addresses hardships consumers face during the pandemic and identifies the Commission’s priorities to tackle Covid-19-associated fraud and other consumer issues using “sophisticated targeting, aggressive law enforcement, and ongoing partnership and outreach.” The report highlights the FTC’s efforts through consumer and business education, including sending out consumer alerts about Covid-19 scams, reminding businesses about their responsibilities regarding honest advertising, and alerting companies about scams targeting them. The report also highlights the Commission’s efforts to protect consumers during the Covid-19 pandemic, including: (i) filing 13 enforcement actions against companies that, among other things, “made deceptive health or earnings claims”; (ii) ordering over 350 companies to remove deceptive Covid-19-related claims concerning treatments, potential earnings, and financial relief for small business and students, and warning companies that it is also illegal to facilitate deceptive Covid-19 calls; (iii) prioritizing privacy enforcement actions related to certain types of conduct “exacerbated in the transformation to digital work and schooling, including videoconferencing, ed-tech and health-tech”; (iv) collecting and tracking over 436,000 reports related to Covid-19 between January 2020 and April 2021 where consumers reported $399 million in fraud losses; and (v) issuing more than 100 Covid-19-related consumer and business alerts. In addition, the report notes that the Commission implemented systems to “track and alert the public to shifts in reports from consumers, launched a public dashboard providing information on reports associated with COVID-19, and used COVID-19-related reports to identify law enforcement targets.”
The FTC also briefed lawmakers on these efforts in testimony before the Senate Commerce Committee on April 20. During the testimony, the FTC highlighted its efforts to help consumers facing major challenges as a result of Covid-19 and requested that Congress “affirm the FTC’s authority to return money to consumers using Section 13(b) of the Federal Trade Commission.” The testimony noted that the FTC has issued enforcement actions against those who have communicated deceptive Covid-19 claims, engaged in consumer and business education and outreach, and collected millions of reports from the public on fraud, identity theft, and other consumer problems. The testimony also highlighted the FTC’s partnership with the CFPB to ensure renters are not subjected to unlawful eviction practices (covered by InfoBytes here).
California again modifies CCPA regs; appoints privacy agency’s board
On March 15, the California attorney general announced approval of additional regulations implementing the California Consumer Privacy Act (CCPA). The CCPA—enacted in June 2018 (covered by a Buckley Special Alert) and amended several times—became effective January 1, 2020. According to the announcement, the newly-approved amendments strengthen the language of CCPA regulations approved by OAL last August (covered by InfoBytes here). Specifically, the new amendments:
- Require businesses selling personal information collected in the course of interacting with consumers offline to provide consumers about their right to opt out via offline communications. Consumers must also be provided instructions on how to submit opt-out requests.
- Provide an opt-out icon for businesses to use in addition to posting a notice of right to opt-out. The amendments note that the opt-out icon may not be used in lieu of requirements to post opt-out notices or “do not sell my personal information” links.
- Require companies to use opt-out methods that are “easy” for consumers to execute and that require “minimal” steps to opt-out. Specifically, a “business’s process for submitting a request to opt-out shall not require more steps than that business’s process for a consumer to opt-in to the sale of personal information after having previously opted out.” Additionally, except as otherwise permitted by the regulations, companies are prohibited from requiring consumers to provide unnecessary personal information to implement an opt-out request, and may not require consumers to click through or listen to reasons as to why they should not submit an opt-out request. The amendments also state that businesses cannot require consumers “to search or scroll through the text of a privacy policy or similar document or webpage to locate the mechanism for submitting a request to opt-out.”
The AG’s press release also notes that the California Privacy Rights Act (CPRA), which was approved by voters last November and sought to amend the CCPA, will transfer some of the AG’s responsibilities to the California Privacy Protection Agency (CPPA), covered by InfoBytes here; however, the AG will retain the authority to go to court to enforce the law. Enforcement of the CPRA will begin in 2023.
Additionally, on March 17, the California governor announced appointments to the five-member inaugural board for the CPPA, consisting of experts in privacy, technology, and consumer rights. The CPPA is tasked with protecting the privacy rights of consumers over their personal information, and “will have full administrative power, authority, and jurisdiction to implement and enforce” the CCPA and the CPRA, including bringing enforcement actions before an administrative law judge.
DFPI reiterates “aggressive” enforcement during pandemic
On March 11, the California Department of Financial Protection and Innovation (DFPI) released a statement discussing the regulator’s expanded consumer protection efforts during the Covid-19 pandemic. Among other things, DFPI noted that it is “aggressively exercising its new authority to regulate a large group of newly covered financial services, including debt collectors, credit reporting and credit repair agencies, debt relief agencies and others,” and verifying compliance with state and federal laws protecting homeowners from “coronavirus-related foreclosures.” DFPI also stated it issued a cease-and-desist order filed against a student loan debt relief company (covered by InfoBytes here), and launched an investigation of lender efforts to evade state interest rate caps.
Virginia reaches settlement with open-end credit plan lender
On March 4, the Virginia attorney general announced a settlement with an open-end credit plan lender, resolving allegations that the company violated Virginia consumer finance laws by (i) imposing a $100 origination fee on loans during a statutorily-mandated finance charge-free grace period; (ii) “[e]ngaging in a pattern of repeat transactions and ‘rollover’ loans with thousands of consumers who were required to close accounts that they paid down to a $0 balance,” but were then allowed to open new accounts for which new fees were charged on a monthly basis; and (iii) charging interest on accounts at an annual rate of 273.75 percent, far exceeding the 36 percent limit that open-end credit lenders are allowed to charge. Under the terms of the settlement, the company is permanently enjoined from further violating Virginia’s consumer finance laws, and is required to pay $850,000 in restitution and $150,00 in attorneys’ fees and settlement costs. The company must also provide more than $10 million in debt forbearance on “accounts that remain unpaid and that were not converted to a separate loan program in October 2018.”
FTC settles with income scam operation targeting Latina consumers
On March 2, the FTC announced a settlement with a company and its owners (collectively, “defendants”) that used Spanish-language ads targeting Latina consumers with false promises of large profits reselling luxury products. The action—a part of the FTC’s “Operation Income Illusion” sweep (covered by InfoBytes here)—alleged the defendants violated the FTC Act by making false or unsubstantiated earnings claims when marketing work-at-home opportunities. The FTC also claimed the defendants violated the Telemarketing Sales Rule by, among other things, misrepresenting material aspects of the investment opportunities and routinely using threats or intimidation “to coerce consumers to pay Defendants, including but not limited to threatening consumers with damage to consumers’ credit history, false legal actions, and reports to federal government authorities.” The proposed settlement imposes a $7 million judgment, which is partially suspended due to the defendants’ inability to pay. The defendants are also permanently banned from (i) selling any goods or service that is represented as a means for consumers to make money working from home or elsewhere; (ii) making any deceptive claims about the risk, liquidity, earnings potential, or profitability of any goods or services, and making such claims through telemarketing; and (iii) using threats or intimidation to coerce consumers to pay for goods or services.