So you’re a fintech startup, buying a fintech company, or expanding the technical capabilities of your financial business. Or you’re a tech company that is getting into the payments space. Where do you start when it comes to figuring out what consumer protection laws apply to you? You should be aware that, for the past several years, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) have been actively enforcing consumer protection laws in the fintech space. For example, the FTC has recently brought cases involving an online lender that allegedly charged undisclosed fees, a mobile banking app that falsely promised high interest rates and 24/7 access to funds, promoters of cryptocurrency money-making schemes, and tech platforms offering in-app purchases. The CFPB most recently shuttered a VC-backed online lender for false advertising related to interest rates and loan amounts. Earlier last year, the CFPB had obtained refunds and a civil penalty against a fintech company for enabling merchants to obtain loans for consumers without their authorization. Continue Reading
The U.S. Supreme Court’s April 2021 decision in the AMG matter significantly limited the Federal Trade Commission’s (FTC’s) ability to seek monetary redress for consumers under the FTC Act, relief the FTC had successfully obtained for over four decades. Since the Supreme Court announced its decision, the FTC has been deploying new strategies to return money to consumers harmed by unfair or deceptive practices and to otherwise deter such conduct through civil penalties. Companies should pay close attention to these strategies, as they provide a roadmap for future investigations and enforcement. These strategies include the following: Continue Reading
On December 6, 2021, the Belgian Data Protection Authority (Belgian DPA) issued its recommendation on biometric data processing (Recommendation). The Recommendation provides guidance on how to comply with the General Data Protection Regulation (GDPR) when processing biometric data. Continue Reading
FTC Activities in 2021 and Likely Trends for 2022
2021 saw the kickoff of the Khan era at the Federal Trade Commission (FTC). During FTC Chair Lina Khan’s first nine months on the job, she has announced privacy and security initiatives that offer important insights into her priorities. Companies should pay close attention to FTC activity in 2021 and public statements from FTC’s leadership to prepare for 2022. Here’s a list of 10 likely trends we can expect to see in 2022 (in no particular order): Continue Reading
On November 10, 2021, the UK Supreme Court ruled that class representatives in data privacy class action suits need to prove damage or distress suffered to be successful. Compensation cannot be granted simply by virtue of proving that a company violated the law. The case was heard under the UK’s pre-2018 data protection law, but the UK GDPR arguably does not change the essence of the Court’s ruling. Continue Reading
On November 26, 2021, the Court of Justice of the European Union (CJEU) held that the display of advertising messages in an email inbox, in a form similar to an email, constitutes direct marketing and requires users’ consent under the ePrivacy Directive.
The CJEU also held that this practice constitutes ‘persistent and unwanted solicitations’ under the Unfair Commercial Practices Directive when those advertising messages are displayed to users without prior consent, on a frequent and regular basis. Continue Reading