On April 4, CFPB Director Rohit Chopra delivered remarks at the International Association of Privacy Professionals’ Global Policy Summit on the importance of reigning in repeat violators of consumer finance and privacy laws. According to the Director, the CFPB is to enhance penalties against repeat offenders of consumer protection laws. Such penalties could involve a broader range of agency remedies, including naming executives in enforcement actions and placing meaningful limitations on future business practices, in addition to simple fines.
Notably, Director Chopra stated that the CFPB intends to focus on enforcement in the context of violations of consumer data protection laws, whether by small firms, tech conglomerates, or companies situates in the middle. Director Chopra highlighted a number of privacy-related priorities that include:
- Addressing the potential risks associated with tech companies moving into the digital payments market;
- The safety and soundness of digital currencies; and
- The use of “dark patterns” allegedly designed to manipulate consumers into buying products and/or sharing their personal information.
Putting it into Practice: Director Chopra’s remarks underscore recent agency enforcement actions against repeat offenders (see our previous blog posts regarding these actions here and here). The CFPB and other agencies are focused on identifying noncompliance with consent orders and remain intent on enforcing substantial penalties against companies that they deem to be repeat offenders. Accordingly, companies that are subject to ongoing consent orders, whether with the CFPB or other agencies, should confirm and document their compliance with such consent orders or else risk facing enhanced penalties, especially where such consent orders relate to alleged violations of consumer privacy law.