On March 7, the FTC announced it had finalized substantial revisions to the Telemarketing Sales Rule (the proposed rule was discussed here). Since promulgated in 1995, the TSR has been amended four times, most recently in 2015. This latest revision to the TSR significantly expands its reach by bringing business to business (B2B) telemarketing calls within its scope. Moreover, the revisions substantially enhanced the TSR’s recordkeeping requirements which will likely have a major impact on telemarketers’ compliance efforts. Key revisions to the TSR include:Continue Reading FTC Announces Major Expansion of Telemarketing Sales Rule

On February 6, the FTC announced that it had reached proposed settlements with several defendants in a pending action where the parties were accused of operating a fraudulent student debt relief scheme and collecting so-called “junk fees” from consumers.Continue Reading FTC Announces Settlement of Junk Fee Enforcement Action

On January 18, the FTC issued a consent order prohibiting a digital platform and data aggregator from selling or licensing precise consumer location data on the grounds that it did not obtain consumer consent before collecting and selling the data to advertisers.Continue Reading FTC Cracks Down on Data Aggregator, Bans Sale of Precise Consumer Location Data

On January 10, the CFPB and the attorneys generals of Colorado, Delaware, Illinois, Minnesota, New York, North Carolina, and Wisconsin sued a New York-based debt relief company and its founders in the U.S. District Court for the Western District of New York for violating the Telemarketing Sales Rule as well as New York and Wisconsin state law.Continue Reading CFPB and Attorneys General Sue Debt-Relief Enterprise

On January 25, the FTC announced that it was issuing Section 6(b) orders against five Big Tech companies requiring them to provide information regarding recent investments and partnerships involving generative artificial intelligence (AI) companies and major cloud service providers.Continue Reading FTC Opens Inquiry Into Generative AI Investments and Partnerships

On November 21, the FTC voted 3-0 to approve the omnibus resolution authorizing the use of compulsory process in nonpublic investigations involving products and services that use or claim to be produced using artificial intelligence (AI) or claim to detect its use. The resolution will make it easier for FTC staff to issue civil investigative demands (CIDs), which are a form of compulsory process similar to a subpoena, in investigations relating to AI, while retaining the Commission’s authority to determine when CIDs are issued. This resolution will be in effect for 10 years. Continue Reading FTC Approves Compulsory Process for AI-related Products and Services

On November 2, the FTC entered into a settlement agreement with a Manhattan-based fintech company for $18 million over alleged deceptively marketed cash advances to consumers and impeding customers’ ability to cancel memberships. The FTC alleged that the fintech company violated the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA).Continue Reading FTC Settles with Fintech for $18M over Deceptive Cash Transfers and Difficult-to-Cancel Memberships

On November 7, the FTC and the State of Florida settled with a chargeback mitigation company and its owners for $150,000. The chargeback company was allegedly using deceptive practices, including referencing disclaimers that were not actually shown to the customers during the checkout process, to prevent consumers from disputing credit card charges through the chargeback process.Continue Reading FTC, Florida Settle with Chargeback Mitigation Company for $150K

On October 27, the FTC has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency. The amendment requires financial institutions to notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers. Such an event requires notification if unencrypted customer information has been acquired without the authorization of the individual to which the information pertains. The notice to the FTC will need to include certain information about the event, including:Continue Reading FTC Amends Safeguards Rule, Requires Non-Banks to Report Data Security Breaches