On July 17th, the Federal Trade Commission (FTC) announced reforms to its civil investigative demand (CID) process designed to streamline information requests and improve transparency in FTC investigations.  The process reforms that will be implemented for consumer protection cases include:

  • Providing plain language descriptions of the CID process and developing business education materials to help small businesses understand how to comply;
  • Adding more detailed descriptions of the scope and purpose of investigations to give companies a better understanding of the information the agency seeks;
  • Where appropriate, limiting the relevant time periods to minimize undue burden on companies;
  • Where appropriate, significantly reducing the length and complexity of CID instructions for providing electronically stored data;
  • Where appropriate, increasing response times for CIDs (for example, often 21 days to 30 days for targets, and 14 days to 21 days for third parties) to improve the quality and timeliness of compliance by recipient; and
  • Ensuring companies are aware of the status of investigations by adhering to the current practice of communicating with investigation targets concerning the status of investigations at least every six months after they comply with the CID.

The reforms are part of the FTC’s broader initiative to implement Presidential directives aimed at eliminating wasteful, unnecessary regulations, and processes.  The FTC had previously announced other efforts that are already underway:

  • Forming new groups within the Bureau of Competition and the Bureau of Consumer Protection working to eliminate unnecessary costs to companies and individuals who receive CIDs.
  • Reviewing FTC dockets and closing older investigations, where appropriate.
  • Working to identify unnecessary regulations that are no longer in the public interest.
  • The FTC Bureau of Consumer Protection is actively reviewing closed data security investigations to extract key lessons for improved guidance and transparency.
  • The FTC Bureaus of Consumer Protection and Economics are working together to integrate economic expertise earlier in FTC investigations to better inform agency decisions about the consumer welfare effects of enforcement actions.
  • Acting Chairman Ohlhausen has established a new capability within her office to collect and review ideas on process streamlining and operational efficiency opportunities from across the agency.

The CFPB, which originally modeled many of its own investigatory processes on the FTC model, should consider whether any of these reforms make sense for its own CIDs, which have been frequently criticized as being expansive in scope, vague, and unduly burdensome.

As part of its “Class Action Fairness Project,” the FTC is seeking comment on its plans to use an Internet panel to conduct research on class action notices.  According to the FTC’s Federal Register notice, the project “strives to protect injured consumers from settlements that provide them with little to no benefit and to protect businesses from the incentives such settlements may create for the filing of frivolous lawsuits.”  Actions taken by the FTC as part of the project include monitoring class actions and filing amicus briefs or intervening in appropriate cases; coordinating with state, federal, and private groups on important class action issues; and monitoring the progress of legislation and class action rule changes.  Comments in response to the FTC’s notice will be due on or before August 17, 2017.

In 2015, the FTC announced its plans to study whether consumers receiving class action notices understand the process and implications for opting out of a settlement, the process for participating in a settlement, and the implications for doing nothing (Notice Study).  It also announced that it planned to conduct a study to determine what factors influence a consumer’s decision to participate in a class action settlement, opt out of a class action settlement, or object to the settlement (Deciding Factors Study).

In the new notice, the FTC states that as part of the Notice Study, it proposes to conduct an Internet-based consumer research study to explore consumer perceptions of class action notices.  Using notices sent to class members in various nationwide class action settlements and “streamlined versions designed by the FTC staff,” the study will focus on notices sent to individual consumers via email and will examine whether variables such as the sender’s email address and subject line impact a consumer’s perception of and willingness to open an email notice.  The FTC plans to send an Internet questionnaire to participants drawn from an Internet panel with nationwide coverage maintained by a consumer research firm that operates the panel.

While the FTC plans to assess consumer comprehension of the options conveyed by the notice, including the process for participating in the settlement and the implications of consumer choice, in the Notice Study, it no longer plans to examine whether consumers understood the implications of opting out of a settlement,  According to the FTC, it has determined that the opt-out issue is more appropriately addressed in the Deciding Factors Study.

In November 2015, the FTC issued orders to eight claims administrators requiring them to provide information on their procedures for notifying class members about settlements and the response rates for various methods of notification.  While the FTC notes that it has used data obtained through the orders to inform the Notice Study and that such data will also be used to inform its Deciding Factors Study, it does not provide any information about what such data revealed.  We had commented that the response rate data provided to the FTC by the claims administrators was expected to show extremely low response rates (i.e., less than 5 percent) in most cases, providing support for critics of the CFPB’s proposed rule to prohibit providers of certain consumer financial products and services from using a pre-dispute arbitration agreement that contains a class action waiver.

That rule has now been finalized and like the CFPB’s proposed rule, is based on the CFPB’s view that consumers obtain more meaningful relief through class actions than in arbitration.  Low average response rates would be further evidence that the CFPB’s premise is incorrect and arbitration is more beneficial to consumers than class actions.

 

 

 

 

 

The Federal Trade Commission (“FTC”) released an updated version of its guidance on complying with the Children’s Online Privacy Protection Act (“COPPA”) on June 21, 2017. Companies that collect personal information from children under 13 years of age need to comply with COPPA. To help companies with COPPA compliance, the FTC’s guidance presents a six-step plan:

  • Step 1: Determine whether your company is a website or online service that collects personal information from kids under 13;
  • Step 2: Post a privacy policy that complies with COPPA;
  • Step 3: Notify parents directly before collecting personal information from their kids;
  • Step 4: Get parents’ verifiable consent before collecting personal information from their kids;
  • Step 5: Honor parents’ ongoing rights with respect to personal information collected from their kids; and
  • Step 6: Implement reasonable procedures to protect the security of kids’ personal information.

The updated guidance makes two important changes. First, the FTC clarifies that “website or online service” includes Internet of Things devices as well as connected toys and other products intended for children that collect personal information, like voice recordings or geolocation data.

Second, the updated guidance provides two additional methods by which businesses can obtain verifiable consent from parents to collect personal information from children:

  • Parents can answer a series of knowledge-based challenge questions that would be difficult for someone other than the parent to answer; or
  • Parents can provide a picture of a driver’s license or other photo ID which is then compared to a second photo submitted by the parent using facial recognition technology.

On July 19, the Federal Trade Commission will hold a workshop in San Antonio titled the “2017 Military Consumer Financial Workshop: Protecting Those Who Protect Our Nation.” The FTC has uploaded an agenda and list of panelists for the workshop. Acting FTC Chairman Maureen K. Ohlhausen will be in attendance and deliver the event’s opening remarks. Describing the focus of the forum, Ohlhausen commented that “[h]elping servicemembers and veterans avoid fraud, learn about their legal rights and remedies, and find resources that protect them in the financial area is a top priority.”

Topics to be discussed include auto finance, student lending, installment credit practices, debt collection, legal rights and remedies, financial literacy, and identity theft. The FTC expects the workshop to draw participants from a wide range of spheres, including all service branches, military consumer advocates, consumer groups, legal services providers and clinics serving the military, and representatives from government and industry.  The event, which is free and open to the public, will also be tweeted live from the FTC’s Military Consumer Twitter account (@Milconsumer) using the hashtag #MilFinancial Workshop.

An Illinois federal judge ordered Dish Network to pay the federal government $168 million for violating the FTC’s Telephone Sales Rule (“TSR”).  The judgment is the largest civil penalty ever obtained for a violation of the TSR.  The remainder of the civil penalty was awarded to the states of California, Illinois, North Carolina, and Ohio for violations of the Telephone Consumer Protection Act (“TCPA”) and various state statutes.  In addition to permanently blocking Dish from making calls in violation of the do-not-call laws, the order requires Dish to undergo substantial long-term compliance monitoring.  Among the many costly provisions of the compliance monitoring component of the order, Dish is required to hire a telemarketing-compliance expert to prepare policies and procedures to ensure that Dish and its primary retailers continue to comply with the injunction and the telemarketing laws.

The decision follows a five week bench trial that commenced in January 2016.  A number of factors were central to the district judge’s 475-page opinion.  Significantly, the calls were placed to individuals whose numbers were listed on the National Do Not Call Registry and to individuals who informed Dish that they did not want to receive calls from them.  Notably, the court ruled in favor of the federal government on all of the TSR counts and found more than 66 million TSR violations.  It further chastised Dish for employing call centers without any vetting or meaningful oversight.  The court also admonished Dish for its refusal to take responsibility for the actions of its call centers and retailers.  Such remarks represent a growing trend of courts scrutinizing companies over their monitoring of third-party vendors and their practices.  Just last month, a North Carolina federal judge presiding over a TCPA class action, found Dish vicariously liable for its vendor’s willful and knowing violations of the TCPA and trebled the damages to $1,200 per call—more than $61 million in total.

A Dish spokesman said that Dish “respectfully disagrees” with the Illinois decision and plans to appeal.

At the Auto Finance Risk and Compliance Summit held this week, Calvin Hagins, CFPB Deputy Assistant Director for Originations, stated that the CFPB is increasingly asking lenders about ancillary product programs during examinations, particularly about the percentage of consumers buying these products.

In June 2015, when the CFPB released its larger participant rule for nonbank auto finance companies, it also issued auto finance examination procedures in which ancillary products, like GAP insurance and extended service contracts, received heavy attention.  We commented that by giving so much attention to these products, the CFPB was signaling its intention to give lots of scrutiny to these products in the auto finance market.  Mr. Hagins’s comments confirm that the CFPB is in fact looking closely at these products in exams.

Speaking at the Summit as a member of a regulatory panel, Mr. Hagins indicated that companies should expect to get questions from CFPB examiners about ancillary products.  He indicated that the CFPB specifically looks at how the product is offered to the consumer, when in the contracting process is it offered, how disclosures are being provided to the consumer, and the acceptance rate.  As an example, he indicated that a 95% acceptance rate would cause CFPB examiners to raise questions about how the rate was achieved.

At the Summit, Colin Hector, an FTC attorney, indicated that the FTC is also interested in ancillary products, particularly whether there is a potential for consumer deception in how they are sold.  He commented that, in its enforcement work, the FTC has focused on ancillary product sales that occur at the end of the sales process when consumers may be led to believe they must purchase the products to obtain financing and the seller has increased leverage because the consumer is more invested in completing the transaction.

 

Numerous media sources have reported that Senate Minority Leader Chuck Schumer has recommended Rohit Chopra to fill the open Democratic seat on the FTC.

Mr. Chopra, who currently serves as a senior fellow at the Consumer Federation of America, formerly served as the CFPB’s Student Loan Ombudsman.  After leaving the CFPB, he is reported to have served as a special adviser to former Education Secretary John B. King Jr. and subsequently to have been a member of Hillary Clinton’s presidential transition team.

It will ultimately be President Trump’s decision whether to nominate Mr. Chopra to fill the FTC seat.  His nomination would also require Senate confirmation.

 

 

A D.C. federal district court has rejected a trade group’s attempt to invalidate a November 2016 FTC opinion in which the agency concluded that outbound telemarketing calls made using soundboard technology are subject to the prior written consent requirement for robocalls in the FTC’s Telemarketing Sales Rule (TSR).

The TSR’s robocall written consent requirement applies to “any outbound telephone call that delivers a prerecorded message.”  The FTC’s 2016 opinion revoked a 2009 opinion in which it had concluded that because soundboard technology allows the caller and recipient to have a two-way conversation, such calls were not subject to the TSR’s robocall consent requirement.  (In calls using soundboard technology, the caller can play pre-recorded audio clips in response to the call recipient’s statements and break in to the call when needed to speak directly to the recipient.)  The FTC changed its position in response to an increasing number of consumer complaints that consumers were not receiving appropriate responses to their questions and comments and live operators were not intervening in the calls as well as evidence that callers using soundboard technology were handing more than one call at a time.  In its 2016 opinion, the FTC made the revocation of its 2009 opinion effective on May 12, 2017 so that industry would have time to make the changes necessary to bring itself into compliance.

In reaching its decision, the district court first determined that the FTC’s 2016 opinion was a reviewable “final agency action” because it took a “definitive position that telemarketing calls deployed with soundboard technology are subject to the robocall regulation.”  More specifically, “telemarketing companies must either undertake the expense of coming into compliance with the agency’s new position or risk enforcement action.”

It then rejected the trade group’s claim that the FTC’s action violated the Administrative Procedure Act (APA) because the FTC did not follow the notice and comment process.  According to the court, because the 2009 opinion revoked by the 2016 opinion was clearly an “interpretive rule” rather than a “legislative rule,” the FTC’s “decision to rescind that opinion did not change the fundamental character of the agency’s action and transform an interpretive rule into a legislative one.”  As a result, the FTC was not required to follow the APA notice and comment procedures before issuing the 2016 opinion.

The district court also rejected the trade group’s claim that subjecting soundboard technology to the TSR robocall written consent requirement violated the First Amendment because it constituted an impermissible content-based restriction on the speech of the trade group’s members engaged in charitable fundraising.  According to the trade group, the TSR robocall consent requirement represented a content-based regulation because it applied to calls soliciting donations from new donors but did not apply to calls soliciting donations from prior donors or members of the non-profit on whose behalf the call is made.  The trade group argued that the carve-out for solicitation calls to prior donors and members constituted a content-based restriction on speech because the FTC must look at what is said in the call (i.e. whether the caller requests a first-time donation or a repeated donation) to determine if the written consent requirement applies.

The court concluded that the distinction between existing and other donors was relationship-based and not content-based.  As a result, it was only subject to intermediate scrutiny under the First Amendment.  The court found that the distinction satisfied such scrutiny because it was narrowly tailored to serve a significant governmental interest (namely, “protecting against unwarranted intrusions into a person’s home or pocket”) and left open ample alternative channels of communication (such as media advertising, mailing, and use of live callers instead of pre-recorded messages).

 

On May 24, 2017, the FTC will hold a daylong conference on identity theft in Washington, D.C.

The conference, “Planning for the Future,” will include panel discussions about how identity thieves acquire and use consumer information, how websites trade in stolen consumer information, the impact of identity theft on financial services, health care and other sectors, the challenges that identity theft victims face, and resources available to identity theft victims.  FTC technical experts will give a presentation on how malicious actors use consumer data available online.

The final agenda indicates that speakers will include FTC, DOJ, Secret Service, and IRS representatives as well as industry representatives and consumer advocates.

 

Last week, the Federal Trade Commission (FTC) Bureau of Consumer Protection’s Acting Director, Thomas Pahl, posted on the FTC’s Business Blog about the FTC’s role as the federal agency with the “broadest jurisdiction” to pursue privacy and data security issues. Pahl noted that for over twenty years the FTC has used its authority, “thoughtfully and forcefully to protect consumers even as new products and services emerge and evolve.”  Pahl emphasized that the FTC is “the enforcement leader in the privacy and security arena” and that the FTC will continue to “focus the national conversation on keeping consumer privacy and data security front and center as new technologies emerge.”

Pahl’s blog posting supports recent statements by FTC Acting Chairman Maureen Ohlhausen, who recently testified before Congress that, “the FTC is committed to protecting consumer privacy and promoting data security in the private sector.”

Companies should not expect the FTC to reduce its enforcement activities relating to privacy and data security issues, but companies can expect the FTC to shift away from bringing cases based on novel legal theories.  Ohlhausen is committed to re-focusing the FTC’s efforts on “bread-and-butter” enforcement.  Ohlhausen has spoken openly in opposition to recent enforcement actions brought under the Obama Administration that were based on speculative injury or subjective types of harm rather than concrete consumer injury.

Furthermore, companies should expect further guidance from the FTC relating to privacy and data security expectations to help reduce unnecessary regulatory burdens and provide additional transparency to businesses on how they can remain compliant and avoid engaging in unfair or deceptive acts of practices.  Under Ohlhausen’s leadership, companies should be watching closely for FTC guidance laying out what they should do to protect consumer privacy and ensure proper data security, rather than just waiting to find out what they should not do from FTC enforcement actions.