InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC Issues Advertising and Privacy Guidelines for Mobile Application Developers
On September 5, the FTC published “Marketing Your Mobile App: Get It Right from the Start,” a guide to assist mobile application developers in complying with federal advertising and privacy requirements. The Guide provides basic guidance and principles related to truthful advertising and consumer privacy protections. For example, the guide urges application developers to (i) disclose key information in advertising materials clearly and conspicuously, (ii) collect sensitive information only with user’s affirmative consent, and (iii) avoid collecting unnecessary data and ensure the security of any sensitive data that is collected.
FTC Extends Comment Period for Children's Privacy Rule
On August 27, the FTC extended through September 24, 2012 the time period for comments on proposed changes to the Children’s Online Privacy Protection Rule. The comment period originally was due to close on September 10, 2012.
FTC Finalizes Privacy Settlement with Facebook
On August 10, the FTC approved a final settlement to resolve charges that Facebook deceived customers by failing to meet stated privacy protections. The FTC alleged, among other things, that Facebook shared personal information with advertisers despite assurances that it would not do so. The agreement does not include any monetary penalty, but Facebook is prohibited from making any deceptive privacy claim, and it must obtain consumers' approval before changing the way it shares their data. For the next twenty years, Facebook also must obtain periodic assessments of its privacy practices by independent auditors. One Commissioner objected, stating that because the agreement includes a denial of the allegations, the Commission does not have sufficient grounds under the FTC Act to accept the consent agreement. Further, the dissenting Commissioner stated that the settlement is insufficient because it does not clearly extend to all representations made in the Facebook environment and specifically may not cover third-party applications.
FTC Announces Settlement With Google Over Privacy Violations
On August 9, the FTC announced that it obtained from Google a $22.5 million civil penalty to resolve allegations that the company misrepresented certain privacy protections to consumers. According to the FTC, Google violated a previous FTC settlement and order when it placed advertising tracking cookies on the computers of Apple’s Safari Internet browser users, despite Google specifically telling users that they would be opted out of such tracking by default. The FTC states that the penalty is the largest it has ever obtained for violation of a previous order.
Federal Reserve Banks Publish Report on Regulatory Landscape for Mobile Payments
Recently, the Federal Reserve Banks of Atlanta and Boston published a report on an April 2012 meeting of the Mobile Payments Industry Workgroup and representatives from federal and state banking regulators, the FTC, and the FCC to review the regulatory landscape for mobile payments. The paper notes that (i) remote payments and money transfers are beginning to emerge to facilitate person-to-person payments and cannot be ignored from a regulatory perspective, (ii) growth in nonbank money transfer services is subjecting more nontraditional technology-based companies to state money transmitter licenses and related regulatory oversight, and (iii) the CSBS and the Money Transmitter Regulators Association are creating a nationwide cooperative supervisory system for the coordinated multistate examination of money transmitters. The report also reflects the meeting participants’ consensus that the existing regulatory framework is sufficient for today’s mobile payment services. Still, the report states that the CFPB plans to review mobile payment disclosure practices to ensure that consumers have sufficient information in the event of account discrepancies, assess how disclosures are provided to consumers, and evaluate how the parties in mobile payment transactions handle error resolution and liabilities.
FTC Submits Staff Comments on CFPB's Proposed Prepaid Card Regulation
On July 30, the FTC released staff comments submitted in response to the CFPB’s Advance Notice of Proposed Rulemaking regarding the regulation of prepaid cards. The CFPB issued the Notice in May, noting its intention to extend Regulation E to cover general purpose reloadable gift cards and seeking comment, data, and information about such cards. In response, the FTC staff comments review the current regulation of payment cards, and identify for the CFPB’s consideration several consumer protection issues that may arise with regard to prepaid cards, including (i) liability limits, (ii) disclosure and fees expiration dates, (iii) error resolution procedures, (iv) authorization standards for recurrent payments, and (v) consumer access to account information.
FTC Considers Additional Revisions to Children's Online Privacy Protection Rule
On August 1, the FTC announced that it is seeking public comment on additional proposed changes to the Children’s Online Privacy Protection Rule (COPPA Rule). In September 2011, the FTC sought comments on certain proposed changes to its COPPA Rule. In response to the hundreds of comments received, as well as subsequent efforts to enforce the rule, the FTC now is proposing to modify certain definitions to enhance protections related to the online collection, use, or disclosure of children’s personal information. The revised definitions include: (i) “operator”, (ii) “website or online service directed to children”, and (iii) “personal information.” For example, with regard to “personal information”, the definition would be altered to include a persistent identifier where it can be used to recognize a user over time or across different websites. The FTC is accepting comments on the proposal through September 10, 2012.
FTC Wins Judgment in Mortgage Modification Case
On July 2, the Federal Trade Commission (FTC) announced that it obtained a $2.6 million judgment against three defendants for failing to provide mortgage modification services after collecting upfront fees from borrowers. The FTC alleged that nine defendants associated with a law firm violated the FTC Act and Telemarketing Sales Rule by sending borrowers in default postcards promising loan modifications, collecting fees for the services, and assuring borrowers that they qualified for modifications prior to obtaining lender approval. In addition, the FTC alleged that the defendants exaggerated the role an attorney would play in the modifications and pretended to be affiliated with a government agency. The $2.6 million judgment prohibits the three defendants from (i) telemarketing financial products or services, (ii) selling mortgage modification, foreclosure rescue, and debt-relief products or services, and (iii) collecting or attempting to collect from borrowers who had agreed to purchase a mortgage modification product or service. The court also approved settlements and entered a default judgment against the other defendants facing similar allegations.
FTC Sues Hotel Corporation and Subsidiaries Over Data Protection Practices
On June 26, the FTC filed a complaint in the U.S. District Court for the District of Arizona alleging that Wyndham Worldwide Corporation (and several of its subsidiaries) violated the FTC Act by misrepresenting the adequacy of their data security procedures. The FTC specifically maintains that Wyndham and its subsidiaries engaged in unfair and deceptive practices when they represented on their website that they maintained measures adequate to protect customers’ personal information. In truth, the FTC alleges, Wyndham failed to maintain such protections. According to the FTC, the companies’ lack of reasonable data security allowed intruders to obtain unauthorized access to that information on three separate occasions. These breaches purportedly resulted in more than $10.6 million in fraud loss and the export—to a foreign-registered domain—of payment card account information for hundreds of thousands of consumers.
FTC Settles FCRA Charges Against Data Broker
On June 12, the FTC announced that a data broker agreed to settle charges that it marketed and sold consumer profiles to companies engaged in human resources, background screening, and recruiting without taking steps to protect consumer information as required by FCRA. The FTC claimed that the data broker operated as a consumer reporting agency and violated FCRA when it failed to ensure that the information it compiled and sold would be used only for permissible purposes. The broker also allegedly failed to ensure that consumer information it sold was accurate and failed to inform buyers of their FCRA obligations. Among other things, the settlement requires the data broker to pay an $800,000 civil penalty and prohibits the firm from any future violations of FCRA.