Regulatory

Subscribe to Regulatory via RSS

On April 12, 2022, the U.S. Consumer Financial Protection Bureau (CFPB) filed a lawsuit against TransUnion, two of its subsidiaries, and former TransUnion executive John Danaher in his individual capacity for violating an enforcement order. That order, from January 2017, was part of a settlement in which TransUnion agreed to pay $16.9 million in restitution and civil penalties for deceptively marketing credit scores and credit-related products, such as credit monitoring services.
Continue Reading Consumer Financial Protection Bureau Alleges Dark Patterns in Advertising of Financial Products; Files Suit Against TransUnion and Senior Executive for Violating Order

On April 19, 2022, the BBB National Programs’ Center (BBB NP) for Industry Self-Regulation launched the TeenAge Privacy Program (TAPP) Roadmap, a new operational framework to help companies develop digital products and services attuned to privacy risks facing teenage consumers. In the United States, children 12 and under are protected by the Children’s Online Privacy Protection Act (COPPA). Once these children become teenagers, they age out of COPPA’s protections and, with limited exceptions, are treated as adults online. Yet a growing body of research indicates that these teenage consumers are uniquely affected by privacy risks resulting in harms ranging from cyberbullying, to platform addiction, to amplified insecurities.1 Regulators are increasingly interested in investigating these harms. For instance, in a widely publicized incident, a coalition of state Attorneys General recently opened an investigation into Instagram following news reports of a whistleblower’s allegations that Facebook’s privacy practices harmed teenage users. Despite increased public and regulatory scrutiny, no federal law has been enacted to provide companies with guidance on these issues. While it is not legally binding, the TAPP Roadmap aims to help fill this guidance gap by providing organizations with concrete operational considerations and best practices to address teen privacy risks.
Continue Reading BBB National Programs’ Center for Industry Self-Regulation Launches Roadmap for Teen Privacy

On April 12, 2022, the Colorado Attorney General’s Office released “Pre-Rulemaking Considerations for the Colorado Privacy Act,” which provides a series of topics and questions for which the office seeks informal public feedback.1 Here is what you need to know:

  • The Colorado Attorney General’s Office is currently seeking informal input to guide its future rulemaking efforts. While, at this phase, public input will not be considered part of the official rulemaking record, the AG’s office “hopes to hear from a diverse group of stakeholders to guide the drafting of balanced and impactful regulations.”
  • The AG’s office identified eight specific topics—each with several targeted questions—for which “pre-rulemaking feedback will be particularly beneficial.” However, the public is permitted to offer input on any aspect of the upcoming rulemaking.
  • Feedback is being collected through a publicly available comment form and at a series of informal listening sessions.
  • This fall, the AG’s office will begin the formal notice-and-comment rulemaking by providing a notice of rulemaking and accompanying draft regulations.

Continue Reading Colorado Attorney General Issues Pre-Rulemaking Considerations for the Colorado Privacy Act

The European Union (EU) will soon be handed sweeping new rules to regulate the conduct of the largest digital platforms with the long-awaited Digital Markets Act (DMA). Following 15 months of intense negotiations on amendments to the original Proposal, the presidents of the main EU institutions (the Parliament, Council, and Commission) reached a political agreement on the final text of the DMA on March 24, 2022. The final vote is planned for July 2022, with the rules expected to come into effect in October 2022. It is expected that designated gatekeepers will need to comply by early 2024.
Continue Reading EU Adopts New Rules to Significantly Limit the Power of Tech Platforms

On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new “Trans-Atlantic Data Privacy Framework” (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. The new Framework is yet to be set out in legal documents, which will need to be negotiated and adopted. Timing for the adoption remains unclear.
Continue Reading Political Agreement on a New Framework for EU-U.S. Personal Data Transfers

As the United States cautiously emerges from the depths of the pandemic, researchers are forecasting double-digit gains in ad spending for 2022. If you’re part of the wave of companies developing new advertising campaigns, you’ll want to brush up on legal requirements designed to ensure that your ads are truthful, fair, and evidence-based. Failure to follow these rules can lead to regulator or competitive lawsuits, reputational harm, loss of consumer trust, significant fines or damages, and in some cases, requirements for corrective disclosures.
Continue Reading Rules of the Road for Advertisers and Marketers: The Basics