On October 8, the FCC announced a $105 million settlement – the largest in the agency’s history – with a mobile telephone company to resolve allegations that the company engaged in unauthorized billing practices. According to the FCC, the company charged customers for third-party services, such as subscriptions for ringtones, wallpapers, and certain premium text messages, for which they did not sign up. Many customers contested the charges, only to discover that the company either refused to issue refunds or refunded them for only one or two months. Under the terms of the settlement, which the FCC negotiated with the FTC and the attorney generals of the 50 states and the District of Columbia, the company must pay $80 million to the current and former customers affected by its billing practices, $20 million to the state governments involved in the settlement, and $5 million to the U.S. Treasury.
On October 23, the CFPB and the FTC will hold a roundtable to discuss the effects of debt collection and credit reporting in the Latino community. The event will focus on the customers with limited English proficiency, and is scheduled to take place from 9 a.m. to 5 p.m. in Long Beach, CA.
On September 23, the Federal Trade Commission released a statement announcing the settlement of claims and a default judgment against a debt collection operation based out of Atlanta and Cleveland and its principals, barring them from debt collection activities and subjecting the defendants to a judgment of over $9.3 million. According to the release, the defendants violated FDCPA by threatening consumers with legal action unless they rendered payment on debts that the consumer, in many cases, did not actually owe. The defendants were alleged to use fictitious business names that implied affiliation with a law firm to harass consumers, through robocalls and voicemails, to make payments on these non-existent debts.
Federal Appeals Court Upholds District Court Order Barring Telemarketers From Selling Mortgage And Debt Relief Programs
This month, the U.S. Court of Appeals for the Sixth Circuit issued a decision to uphold the District Court of Northern Ohio’s earlier ruling prohibiting the defendants from selling false mortgage assistance and debt relief programs through a telemarketing scheme. F.T.C. v. E.M.A. Nationwide, Inc., No. 1:12-CV-2394 (N.D. Ohio Aug. 27, 2013). Since at least mid-2010, the defendants were allegedly deceiving consumers by promising that the programs would “help them pay, reduce, or restructure their mortgage and other debts.” According to the FTC’s press release, in September 2012, the defendants were charged with violations of: (i) the FTC Act; (ii) the Commission’s Telemarketing Sales Rule; and (iii) the Mortgage Assistance Relief Services Rule. The court ordered the defendants to jointly pay restitution of more than $5.7 million to the consumers affected by the fraudulent practices.
On September 12, a mortgage refinancing lead generator, Intermundo Media, LLC (doing business as Delta Prime Refinance), agreed to pay a $500,000 civil penalty, among other things, to settle the FTC’s allegations that the company produced and distributed false advertisements that misrepresented to consumers that they could refinance their mortgages at no cost. The FTC’s complaint alleged that Intermundo’s advertisements violated the Federal Trade Commission Act, the Mortgage Acts and Practices Advertising Rule, or “MAP” Rule, and Regulation N, and the Truth in Lending Act and Regulation Z. The advertisements, which were published on the company’s own website, as well as websites such as Google, Microsoft, AOL, and Yahoo!, allegedly exaggerated the amount that consumers could reduce their payments if they refinanced their mortgages, the amount that their refinanced APR would be, and how easy it would be to qualify for refinancing. Some of the advertisements falsely claimed that there were no fees associated with the refinancing, and other advertisements claimed that fixed interest rates were available, when the rates actually were variable. As part of the settlement, Intermundo will pay a $500,000 civil penalty and will be enjoined from committing further violations and from selling, disclosing or transferring the consumer data obtained through the Delta Prime Refinance lead generation service. The complaint was filed in the U.S. District Court for the District of Colorado, and the proposed consent decree, which contains the terms of the settlement, is subject to court approval.
Recently, the CFPB signed a memorandum of understanding with the Departments of Veterans Affairs, Defense and Education to improve outreach and transparency to veterans and servicemembers by providing meaningful information to help them make informed decisions when selecting an institution of higher learning, including access to financial cost and performance outcome information. These improvements for military educational benefit recipients are designed to prevent deceptive recruiting practices and ensure that educational institutions provide high-quality academic and support services to veterans and servicemembers. Specifically, the agreement requires the CFPB to (i) designate the Assistant Director for Servicemember Affairs, Holly Petraeus, as the point of contact for information sharing processes among the Departments of Veterans Affairs, Defense and Education; (ii) alert agencies to patterns of noncompliance; and (iii) provide complaint data to the FTC. On August 26, the CFPB issued a press release describing this agreement as a means to better protect veterans, servicemembers, and their family members attending college by carrying out “a comprehensive strategy to strengthen enforcement and compliance work.” The agreement is effective July 18, 2014.
On August 22, the CFPB and the federal banking agencies (Fed, OCC, FDIC and NCUA) issued interagency guidance regarding unfair or deceptive credit practices (UDAPs). The guidance clarifies that “the repeal of the credit practices rules applicable to banks, savings associations, and federal credit unions is not a determination that the prohibited practices contained in those rules are permissible.” Notwithstanding the repeal of these rules, the agencies preserve supervisory and enforcement authority regarding UDAPs. Consequently, the guidance cautions that “depending on the facts and circumstances, if banks, savings associations and Federal credit unions engage in the unfair or deceptive practices described in the former credit practices rules, such conduct may violate the prohibition against unfair or deceptive practices in Section 5 of the FTC Act and Sections 1031 and 1036 of the Dodd-Frank Act. The Agencies may determine that statutory violations exist even in the absence of a specific regulation governing the conduct.” The guidance also explains that the FTC Rule remains in effect for creditors within the FTC’s jurisdiction, and can be enforced by the CFPB against creditors that fall under the CFPB’s enforcement authority.
On August 19, the FTC approved final orders resolving allegations that two companies: (i) misrepresented the level of security of their mobile applications; and (ii) failed to secure the transmission of millions of consumers’ sensitive personal information. The FTC alleged that one company’s application assured consumers that their credit card information was stored and transmitted securely even though the company disabled a higher level of security validation, which allowed such credit card information to be intercepted. In addition, the company allegedly failed to have an adequate process for receiving vulnerability reports from security researchers and other third parties. The FTC alleged that the second company also disabled enhanced security validation despite claiming that it followed industry-leading security precautions, which also left consumers’ information vulnerable to interception. The final settlement orders require both companies to establish comprehensive programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years. The settlements also prohibit the companies from misrepresenting the level of privacy or security of their products and services.
On August 14, the Center for Digital Democracy (CDD) announced that it filed a complaint with the FTC claiming that 30 U.S. companies are compiling, using, and sharing EU consumers’ personal information without their awareness and meaningful consent, in violation the U.S.-EU Safe Harbor Framework. The U.S.-EU Safe Harbor Framework established a self-certification program that allows a company to collect information from European consumers without strictly following the EU’s more stringent data protection standards, provided the company (i) provides clear notice of their data-collection practices and data uses; and (ii) allows consumers to “opt-out” of data collection practices to which they did not previously agree. According to its press release, the CDD wants the FTC to investigate the companies for “relying on exceedingly brief, vague, or obtuse descriptions of their data collection practices, even though [U.S.-EU] Safe Harbor requires meaningful transparency and candor.” The complaint identifies several broad concerns that the CDD claims illustrate the inadequacy of the U.S.-EU Safe Harbor Framework, including: (i) the failure of U.S.-EU Safe Harbor declarations and required privacy policies to provide accurate and meaningful information to EU consumers; (ii) a lack of transparency by companies about their data collection; and (iii) the failure of companies to provide meaningful opt-out mechanisms. The FTC has already taken more than a dozen actions this year to enforce the U.S.-EU Safe Harbor Framework.
On August 1, the FTC released a staff report on the agency’s review of shopping apps—those used for comparison shopping, to collect and redeem deals and discounts, and to complete in-store purchases. The FTC staff examined information available to consumers before they download the software onto their mobile devices—specifically, information describing how apps that enable consumers to make purchases dealt with fraudulent or unauthorized transactions, billing errors, or other payment-related disputes. The staff also assessed information on how the apps handled consumer data. The FTC staff determined that the apps studied “often failed to provide pre-download information on issues that are important to consumers.” For example, according to the report, few of the in-store purchase apps provided any information prior to download explaining consumers’ liability or describing the app’s process for handling payment-related disputes. In addition, according to the FTC, most linked privacy policies “used vague language that reserved broad rights to collect, use, and share consumer data, making it difficult for readers to understand how the apps actually used consumer data or to compare the apps’ data practices.” The FTC staff recommends that companies that provide mobile shopping apps to consumers: (i) disclose consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions; (ii) clearly describe how they collect, use, and share consumer data; and (iii) ensure that their strong data security promises translate into strong data security practices. The report also includes recommended practices for consumers.
On July 23, the CFPB, the FTC, and 15 state authorities coordinated to take action against foreclosure relief companies and associated individuals alleged to have employed deceptive marketing tactics to obtain business from distressed borrowers. The CFPB filed three suits, the FTC filed six, and the state authorities collectively initiated 32 actions. For example, the CFPB claims the defendants (i) collected fees before obtaining a loan modification; (ii) inflated success rates and likelihood of obtaining a modification; (iii) led borrowers to believe they would receive legal representation; and (iv) made false promises about loan modifications to consumers. The CFPB and FTC allege that the defendants violated Regulation O, formerly known as the Mortgage Assistance Relief Services (MARS) Rule, and that some of the defendants also violated the Dodd-Frank Act’s UDAAP provisions and Section 5 of the FTC Act, respectively. The state authorities are pursuing similar claims under state law. For example, New York Attorney General Eric Schneiderman announced that he served a notice of intent to bring litigation against two companies and an individual for operating a fraudulent mortgage rescue and loan modification scheme that induced consumers into paying large upfront fees but failed to help homeowners avoid foreclosure.
On May 27, the FTC released a report that claims—based on a study of nine data brokers—that data brokers generally operate with a “fundamental lack of transparency.” The FTC describes data brokers as companies that collect personal information about consumers from a wide range of sources and then provide that data for purposes of verifying an individual’s identity, marketing products, and detecting fraud or otherwise mitigating risk. The report is based in part on the nine brokers’ responses to FTC orders that required the brokers to provide information about: (i) the nature and sources of the consumer information the data brokers collect; (ii) how they use, maintain, and disseminate the information; and (iii) the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold or shared. The report summarizes the companies’ data acquisition processes, their product development and the types of products they provide, the quality of the data collected and sold, the types of clients to whom the data is sold, and consumer controls over the information. The FTC recommends that Congress consider enacting data broker legislation that would, among other things: (i) require data brokers to give consumers access to their data and the ability to opt out of having it shared for marketing purposes; (ii) require data brokers to clearly disclose that they not only use raw data, but that they also derive certain inferences from the data; (iii) address gaps in FCRA to provide consumers with transparency when a company uses a data broker’s risk mitigation product that limits a consumer’s ability to complete a transaction; and (iv) require brokers who offer people search products to allow consumers to access their own information and opt out of the use of that information, and to disclose the sources of the information and any limitations of the opt out.
On May 1, the White House’s working group on “big data” and privacy published a report on the findings of its 90-day review. In addition to considering privacy issues associated with big data, the group assessed the relationship between big data and discrimination, concluding, among other things, that “there are new worries that big data technologies could be used to ‘digitally redline’ unwanted groups, either as customers, employees, tenants, or recipients of credit” and that “big data could enable new forms of discrimination and predatory practices.” The report adds, “[t]he same algorithmic and data mining technologies that enable discrimination could also help groups enforce their rights by identifying and empirically confirming instances of discrimination and characterizing the harms they caused.” The working group recommends that the DOJ, the CFPB, and the FTC “expand their technical expertise to be able to identify practices and outcomes facilitated by big data analytics that have a discriminatory impact on protected classes, and develop a plan for investigating and resolving violations of law in such cases,” and adds that the President’s Council of Economic Advisers should assess “the evolving practices of differential pricing both online and offline, assess the implications for efficient operations of markets, and consider whether new practices are needed to ensure fairness.” The working group suggests that federal civil rights offices and the civil rights community should collaborate to “employ the new and powerful tools of big data to ensure that our most vulnerable communities are treated fairly.” With regard to privacy the report states that the “ubiquitous collection” of personal information and data, combined with the difficulty of keeping data anonymous, require policymakers to “look closely at the notice and consent framework that has been a central pillar of how privacy practices have been organized for more than four decades.” Among its policy recommendations, the working group urges (i) enactment of a Consumer Privacy Bill of Rights, informed by a Department of Commerce public comment process, and (ii) the adoption of a national data breach bill along the lines of the Administration’s May 2011 Cybersecurity legislative proposal. It also calls for data brokers to provide more transparency and consumer control of data.
FTC Settles Suit Against Tribe-Affiliated Lenders; Dispute Over CFPB Investigation Of Tribe-Affiliated Lenders Moves To Federal Court
On April 11, the FTC announced that a tribe-affiliated payday lending operation and its owner agreed to pay nearly $1 million to resolve allegations that they engaged in unfair and deceptive acts or practices and violated the Credit Practices Rule in the collection of payday loans. The FTC alleged that the lenders illegally tried to garnish borrowers’ wages and sought to force borrowers to travel to South Dakota to appear before a tribal court, and that the loan contracts issued by the lenders illegally stated that they are subject solely to the jurisdiction of the Cheyenne River Sioux Tribe. The announced settlement payment includes a $550,000 civil penalty and a court order to disgorge $417,740. The companies and their owner also are prohibited from further unfair and deceptive practices and are barred from suing any consumer in the course of collecting a debt, except for bringing a counter suit to defend against a suit brought by a consumer.
Also on April 11, in a separate matter related to federal authority over tribe-affiliated lending, a group of tribe-affiliated lenders responded in opposition to a recent CFPB petition to enforce civil investigative demands (CIDs) the Bureau issued to the lenders. In September 2013, the CFPB denied the lenders’ joint petition to set aside the CIDs, rejecting the lenders’ primary argument that the CFPB lacks authority over businesses chartered under the sovereign authority of federally recognized Indian Tribes. The lenders subsequently refused to respond to the CIDs, which the CFPB now asks the court to enforce. The CFPB argues that the lenders fall within the CFPB’s investigative authority under the terms of the Consumer Financial Protection Act, which the CFPB argues is a law of general applicability, including with regard to Indian Tribes and their property interests. The lenders continue to assert that they are sovereign entities operating beyond the CFPB’s reach.
On April 17, the FTC announced it is seeking additional public comments on issues explored during a 2013 forum on mobile security. The announcement includes a series of specific questions within the following categories: (i) secure platform design; (ii) secure distribution channels; (iii) secure development practices; and (iv) security lifecycle and updates. The announcement indicates that the FTC is planning a report based on the forum and this subsequent information request. Comments are due by May 30, 2014.