InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC Finalizes Children's Online Privacy Rule Amendments
On December 19, the FTC announced final amendments to the Children’s Online Privacy Protection Act Rule. According to the FTC’s release, the final amendments (i) include geolocation information, photographs, and videos in the list of “personal information” that cannot be collected from children under 13 without parental notice and consent, (ii) offer companies a streamlined, voluntary, and transparent approval process for new ways of getting parental consent, (iii) close a loophole that allowed kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins without parental notice and consent, (iv) require compliance by such third parties in some of those cases, (v) require compliance by persistent identifiers that can recognize users over time and across different websites or online services, (vi) require that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential, (vii) require that covered website operators adopt reasonable procedures for data retention and deletion, and (viii) strengthen the FTC’s oversight of self-regulatory safe harbor programs. The amendments also modify several other key definitions in the rule. Notably, the revised definition of “operator” clarifies that the rule covers a child-directed site or service that integrates outside services that collect personal information from its visitors, but it does not extend liability to platforms that merely offer the public access to child-directed apps. FTC Commissioner Maureen Ohlhausen voted against the amendments and issued a dissenting statement in which she argued that the new definition of “operator” goes beyond what Congress authorized by imposing obligations on websites or online services that do not collect personal information from children or have access to or control of such information collected by a third party.
President, Congress Extend Cross-Border Fraud Enforcement Law
On December 4, President Obama signed a bill, H.R. 6131, that extends through December 2020, a law that enhances the FTC’s ability to address cross-border fraud, and particularly to fight spam, spyware, and Internet fraud and deception. Originally passed in December 2006 and set to expire in December 2013, the U.S. SAFE WEB Act amended the FTC Act to include within the definition of "unfair or deceptive acts or practices" certain acts or practices involving foreign commerce. Further, the law authorizes the FTC to (i) disclose certain privileged or confidential information to foreign law enforcement agencies, and (ii) provide investigative assistance to a foreign law enforcement agency pursuing violations of laws prohibiting fraudulent or deceptive commercial practices or other practices substantially similar to practices prohibited by laws administered by the FTC without requiring that the conduct identified constitute a violation of U.S. laws.
CFPB and FTC Warn Mortgage Companies about Potentially Misleading Advertisements
On November 19, the CFPB announced that it issued warning letters to about a dozen nonbank mortgage lenders and brokers regarding advertisements targeted towards older Americans and veterans that may violate the Mortgage Acts and Practices Advertising Rule (MAP Rule). The CFPB claims that certain companies’ ads may (i) make misrepresentations about government affiliation, (ii) provide inaccurate information about interest rates, (iii) make misleading statements about the costs of reverse mortgages, or (iv) misrepresent the amount of cash or credit available to a consumer. The letters do not make any determinations as to whether the ads at issue violate the law, and the letters provide the companies an opportunity to review and remedy any potential violations. However, the CFPB announcement also notes that the Bureau has initiated formal investigations of six companies for “serious violations of the law.” At the same time, the FTC announced that it sent letters to twenty real estate agents, home builders, and lead generators warning that certain advertisements may similarly violate the MAP Rule or section 5 of the FTC Act. The FTC also acknowledged that it has opened nonpublic investigations of other advertisers that may have violated federal law. This coordinated CFPB/FTC action resulted from a review of about 800 randomly selected mortgage-related ads from across the country, including ads for mortgage loans, refinancing, and reverse mortgages. BuckleySandler is representing one of the companies being investigated by the FTC in connection with this review.
FTC Loses Motion in Unfair Billing Case Against Online Payday Loan Referral Service
On November 7, the U.S. District Court for the Middle District of Florida held that numerous factual issues prevented the court from granting summary judgment on the FTC’s claims that an online payday loan referral business engaged in unfair and deceptive billing practices and failed to provide adequate disclosures. FTC v. Direct Benefits Group, LLC, No 11-1186, 2012 WL 5430989 (M.D. Fla. Nov. 7, 2012). The FTC alleges that the defendants violated the FTC Act by obtaining consumers’ bank account information through payday loan referral websites and debiting their accounts without their consent. The FTC also alleges that the defendants failed to adequately disclose that, in addition to using consumers’ financial information for a payday loan application, they would use it to charge them for enrollments in unrelated programs and services. Although it acknowledged that the FTC had presented substantial evidence regarding consumer complaints about the defendants’ activities, the court held that because the defendants maintain that no consumer could be enrolled in the programs without at least clicking an “okay” button on the defendants’ websites, the FTC was not entitled to summary judgment. A bench trial is scheduled for November 27, 2012, during which the parties will present additional evidence and arguments regarding the content and operation of the websites and whether consumers could enroll in the referral programs without taking affirmative steps to do so.
FTC and States Target "Cardholder Services" Robocalls
On November 1, the FTC announced that courts have granted temporary restraining orders in five cases in which the FTC alleged that the defendants placed automated calls to consumers to make allegedly deceptive “no-risk” offers to substantially reduce the consumers’ credit card interest rates in exchange for an upfront fee. The telemarketers claimed to be calling from the consumers’ credit card company, or otherwise used the generic “Cardholder Services” title to suggest a relationship with a bank or credit card company, the FTC says. Each complaint alleges that the defendants violated the FTC Act by misrepresenting that consumers who buy their services will have their credit card interest rates reduced substantially and will save thousands of dollars as a result. Four of the five complaints also charge that the defendants violated the FTC Act by making other misrepresentations, such as promises of faster debt payoff. The FTC also charges that the defendants violated the Telemarketing Sales Rule (TSR) by misrepresenting their services, calling numbers on the Do Not Call Registry, making illegal robocalls, and collecting up-front fees. The FTC coordinated with multiple state entities, including the attorneys general of Arizona and Arkansas and the Florida Department of Agriculture and Consumer Services, each of which took separate actions against other companies for similar alleged activities.
FTC Obtains Consumer Privacy Consent Order From Web Analytics Company
On October 22, the FTC announced a proposed consent order with an Internet tracking and analytics company that allegedly gathered personal data without consumer consent and failed to honor its promises to protect personal data. According to the FTC, Compete Inc. encouraged consumers to download its tracking software by promising rewards and information about the websites that customers visited. After installation, Compete’s software automatically collected information that consumers entered into websites, including usernames, passwords, search terms, and credit card and Social Security numbers. The FTC stated that Compete violated promises to consumers to collect only the names of websites that consumers visited, to remove personally identifiable information, and to protect consumer information. The proposed consent order requires Compete to (i) fully disclose what information it collects, (ii) obtain consumers’ express consent prior to collecting data, (iii) delete or anonymize previously collected information, and (iv) implement an information security program with regular third-party audits for the next twenty years.
FTC Announces Two Privacy Events
On October 15, the FTC announced that it will host a workshop to examine the practices and privacy implications of comprehensive collection of consumers' online activities. On December 6, 2012, consumer protection organizations, academics, business and industry representatives, privacy professionals, and other stakeholders will review Internet data collection methods, identify those companies currently capable of comprehensive Internet data collection, consider what new legal protections are needed, and explore other related topics. The workshop is one step the FTC promised to pursue in a March 2012 report that urged companies to implement certain consumer privacy protections. On October 17, the FTC announced an upcoming forum on using enforceable industry codes of conduct to protect consumers in cross-border commerce. The forum will focus on the use of systems, like the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system which was created earlier this year, when information moves between countries with different privacy rules. The forum will bring together government officials, academics, industry members, and consumer groups to discuss the increasing use of such codes.
GAO Urges Federal Actions to Protect Mobile Device Users' Privacy
On October 11, the GAO released a report on its examination of how the mobile industry collects location data and the resulting impact on consumers. According to the report, privacy advocates expressed concerns that consumers are generally unaware of how location data is used by third-parties and that consumers could be subject to increased risk of surveillance by law enforcement, identity theft, and threats to personal safety. The GAO examined how companies have applied practices recommended by industry associations and privacy advocates to protect consumers' privacy while using mobile location data. The report reviews actions taken by federal agencies to provide consumer education and develop industry codes of conduct. The GAO recommends, among other things, that NTIA work with stakeholders to develop industry codes of conduct and that the FTC consider issuing guidance on mobile companies' appropriate actions to protect location data privacy.
FTC Settles Charges Related to Sale and Use of Consumer Mortgage Payment Data
On October 10, the FTC announced that a major consumer reporting agency (CRA) agreed to settle charges that it improperly sold lists of consumers who were late on their mortgage payments. The CRA will pay $393,000 to resolve allegations that it violated the FTC Act by failing to implement procedures to prevent the sale of lists of consumer information to firms that should not have received them. In a separate but related case, which the DOJ pursued under a referral from the FTC, a data reseller and its affiliates settled charges that the companies violated the FTC Act and FCRA by (i) obtaining prescreened lists without having a permissible purpose, (ii) reselling the reports without disclosing to the consumer reporting agency that provided them who the end users would be, (iii) failing to maintain reasonable procedures to ensure that prospective users had a permissible purpose to get them, (iv) to the extent that firm offers of credit were made, failing to maintain a record of the criteria used to select consumers for these offers, and (v) failing to control access to sensitive consumer financial information. The resellers agreed to pay a $1.2 million civil penalty and will be barred from using or selling prescreened lists without a permissible purpose, or in connection with solicitations for debt relief or mortgage assistance relief products or services.
DOJ Announces Results of Year-Long Mortgage Fraud Initiative
On October 9, the DOJ, HUD, the FTC, and the FBI announced the results of the Distressed Homeowner Initiative, a year-long national effort to coordinate federal and state investigation and prosecution of alleged mortgage fraudsters. The Initiative was carried out under the Mortgage Fraud Working Group of the FFETF. Between October 1, 2011 and September 30, 2012, the unit’s work resulted in 285 criminal indictments and informations against 530 defendants. The announcement described many of the Working Group’s investigative tactics, including undercover operations, and explained the reasons behind the Working Group’s focus on Southern California. The Working Group expects more enforcement actions to result from ongoing investigations, and the FFETF has several other active working groups, including the Residential Mortgage-Backed Securities Working Group that recently sued a major bank over alleged fraudulent misrepresentations and omissions in the sale of RMBS to investors.