Fintech and Financial Privacy: Regulatory Developments on the Use of Financial Data

By Laura Ahmed and Maneesha Mithal on January 25, 2022 Posted in Cybersecurity, Privacy

So you’re a fintech startup, buying a fintech company, or expanding the technical capabilities of your financial business. Or you’re a tech company that is getting into the payments space. Where do you start when it comes to figuring out what consumer protection laws apply to you? You should be aware that, for the past several years, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) have been actively enforcing consumer protection laws in the fintech space. For example, the FTC has recently brought cases involving an online lender that allegedly charged undisclosed fees, a mobile banking app that falsely promised high interest rates and 24/7 access to funds, promoters of cryptocurrency money-making schemes, and tech platforms offering in-app purchases. The CFPB most recently shuttered a VC-backed online lender for false advertising related to interest rates and loan amounts. Earlier last year, the CFPB had obtained refunds and a civil penalty against a fintech company for enabling merchants to obtain loans for consumers without their authorization. Continue Reading

FTC Consumer Protection Remedies After the U.S. Supreme Court’s AMG Decision

By Maneesha Mithal on January 19, 2022 Posted in Privacy

The U.S. Supreme Court’s April 2021 decision in the AMG matter significantly limited the Federal Trade Commission’s (FTC’s) ability to seek monetary redress for consumers under the FTC Act, relief the FTC had successfully obtained for over four decades. Since the Supreme Court announced its decision, the FTC has been deploying new strategies to return money to consumers harmed by unfair or deceptive practices and to otherwise deter such conduct through civil penalties. Companies should pay close attention to these strategies, as they provide a roadmap for future investigations and enforcement. These strategies include the following: Continue Reading

Belgian Data Protection Authority Clarifies Key Rules on Biometric Data Processing

By Laura Brodahl, Laura De Boel and Joanna Jużak on January 18, 2022 Posted in Cybersecurity, Privacy

On December 6, 2021, the Belgian Data Protection Authority (Belgian DPA) issued its recommendation on biometric data processing (Recommendation).^[1] The Recommendation provides guidance on how to comply with the General Data Protection Regulation (GDPR) when processing biometric data. Continue Reading

2021 Privacy and Cybersecurity Year in Review

By Maneesha Mithal on January 12, 2022 Posted in Cybersecurity, Privacy

FTC Activities in 2021 and Likely Trends for 2022

2021 saw the kickoff of the Khan era at the Federal Trade Commission (FTC). During FTC Chair Lina Khan’s first nine months on the job, she has announced privacy and security initiatives that offer important insights into her priorities. Companies should pay close attention to FTC activity in 2021 and public statements from FTC’s leadership to prepare for 2022. Here’s a list of 10 likely trends we can expect to see in 2022 (in no particular order): Continue Reading

European Court of Justice Finds That “Inbox Advertising” Is Direct Marketing

By Alexandre Lépine, Cédric Burton and Libby Weingarten on December 6, 2021 Posted in European Union, Privacy

On November 26, 2021, the Court of Justice of the European Union (CJEU) held^[1] that the display of advertising messages in an email inbox, in a form similar to an email, constitutes direct marketing and requires users’ consent under the ePrivacy Directive.^[2]

The CJEU also held that this practice constitutes ‘persistent and unwanted solicitations’ under the Unfair Commercial Practices Directive^[3] when those advertising messages are displayed to users without prior consent, on a frequent and regular basis. Continue Reading