Libby Weingarten

Subscribe to Libby Weingarten's Posts

On April 21, 2025, the Federal Trade Commission (FTC) announced that it had filed a complaint against Uber Technologies, Inc. and Uber USA LLC (collectively, Uber), a rideshare and delivery company. Among other things, the FTC alleges in its complaint that Uber violated Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA) by charging consumers for its Uber One subscription service without their consent and making it difficult for users to cancel the service despite its “cancel anytime” promises.Continue Reading FTC Files Consumer Protection Complaint Against Uber for Deceptive Billing and Cancellation Practices

Companies that may have child users, or whose competitors have child users, take note. On January 16, 2025, the Federal Trade Commission (FTC) announced the final amendments to the Children’s Online Privacy Protection Rule (COPPA Rule). At a high level, the COPPA Rule requires websites or online services to provide notice and obtain verifiable parental consent before collecting information from children under the age of 13. The Rule’s amendments slightly expand the Rule’s scope, change the previous notice and consent provisions, and implement new data security requirements. Violations of the Rule would be subject to $53,088 in civil penalties per violation.Continue Reading New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services

On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) announced its highly anticipated and controversial proposed rule that primarily aims to bring data brokers within the scope of the Fair Credit Reporting Act (FCRA). Data brokers have long argued that they do not furnish “consumer reports,” and thus do not constitute “consumer reporting agencies” subject to the FCRA’s obligations. The CFPB catalogues the harms that have resulted from such a stance; namely, risks to national security, financial well-being, and personal safety when data brokers sell information to countries of concern, scammers, or stalkers. The proposed rule seeks to cover data brokers by clarifying key provisions within the definition of “consumer report.” The proposed rule also aims to shore up consumer protections under the FCRA by interpreting the definition of “consumer reporting agency” more broadly and permissible purposes for furnishing consumer reports more narrowly, such as consumer consent and legitimate business needs. The CFPB seeks public comment on the proposed rule, which must be received on or before March 3, 2025.Continue Reading CFPB Issues Proposed Rule to Cover Data Brokers Under the Fair Credit Reporting Act

Companies that automatically renew customers’ subscriptions or memberships, take note. On October 16, 2024, the Federal Trade Commission (FTC) announced sweeping amendments to the Negative Option Rule, which would apply to a host of subscription-based products and services that have an auto-renewal feature (i.e., a negative option offering), including those directed to businesses. The Rule includes specific and prescriptive requirements, such as requirements to 1) obtain consumers’ affirmative consent to an auto renewal feature “separate from any other portion of the transaction,” 2) present all material terms of the transaction “immediately adjacent to” the means of recording consumer consent, and 3) allow for simple cancellation in the same medium the consumer used to consent, noting that a chatbot cancellation method would not be acceptable unless the initial transaction was made through a chatbot. Violations of the Rule would be subject to $51,744 in civil penalties per violation.Continue Reading Subscription and Auto-Renew Offerings Face New Hurdles: FTC Issues Broad “Click-to-Cancel” Rule Imposing Nationwide Requirements

On October 1, 2024, the Maryland Age-Appropriate Design Code (Maryland AADC) became effective. The Maryland AADC introduces onerous new compliance requirements on companies that are reasonably likely to be accessed by minors under the age of 18.Continue Reading Maryland Age-Appropriate Design Code Effective October 1, 2024

On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) announced that it had adopted final amendments to its Regulation S-P (the Rule or Amended Rule), which governs “covered financial institutions’” treatment of consumers’ nonpublic personal information, to ensure that these entities implement incident response programs and notify consumers when their information has been compromised. Brokers, dealers, investment companies, investment advisers, crowdfunding portals, and transfer agents registered with the SEC or another appropriate regulatory agency are all considered covered institutions (CIs) under the Amended Rule.Continue Reading SEC Expands Security and Breach Notification Requirements for Investment Firms

On May 9, 2024, Maryland Governor Wes Moore signed HB 603, the Maryland Age-Appropriate Design Code (Maryland AADC). The Maryland AADC builds on Maryland’s Online Data Privacy Act, which was signed into law the same day and requires companies to provide certain protections for personal data of a consumer when the company knows or has reason to know the consumer is a child under the age of 13.1 The Maryland AADC layers on additional requirements for “covered entities” and expands the definition of “child” to include individuals under the age of 18.Continue Reading Maryland Passes Age-Appropriate Design Code