Shaping Consumer Protection: What to Expect from Incoming Chairman Ferguson’s FTC

By Christopher Olsen, Maneesha Mithal & Taylor Stenberg Erb on December 19, 2024

On December 10, 2024, President-elect Trump named FTC Commissioner Andrew Ferguson as next Chairman of the Federal Trade Commission (FTC), replacing Chair Lina Khan on January 20, 2025. As a Senate-approved sitting Commissioner, he will not need Senate approval to assume the role of Chairman. President-elect Trump also named Mark Meador as a Commissioner to fill the slot currently occupied by Chair Khan. Meador is a former staff member for Senator Mike Lee (R-UT). He has experience serving at the FTC, having spent five years at the beginning of his career working on antitrust cases at the agency.Continue Reading Shaping Consumer Protection: What to Expect from Incoming Chairman Ferguson’s FTC

CFPB Issues Proposed Rule to Cover Data Brokers Under the Fair Credit Reporting Act

By Christopher Olsen, Maneesha Mithal, Libby Weingarten, Jess Cheng & Taylor Stenberg Erb on December 12, 2024

Posted in Regulatory

On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) announced its highly anticipated and controversial proposed rule that primarily aims to bring data brokers within the scope of the Fair Credit Reporting Act (FCRA). Data brokers have long argued that they do not furnish “consumer reports,” and thus do not constitute “consumer reporting agencies” subject to the FCRA’s obligations. The CFPB catalogues the harms that have resulted from such a stance; namely, risks to national security, financial well-being, and personal safety when data brokers sell information to countries of concern, scammers, or stalkers. The proposed rule seeks to cover data brokers by clarifying key provisions within the definition of “consumer report.” The proposed rule also aims to shore up consumer protections under the FCRA by interpreting the definition of “consumer reporting agency” more broadly and permissible purposes for furnishing consumer reports more narrowly, such as consumer consent and legitimate business needs. The CFPB seeks public comment on the proposed rule, which must be received on or before March 3, 2025.Continue Reading CFPB Issues Proposed Rule to Cover Data Brokers Under the Fair Credit Reporting Act

FTC Files Consumer Protection Complaint Against GOAT

By Maneesha Mithal, Christopher Olsen & Kristen Abram on December 10, 2024

Posted in Uncategorized

On December 2, 2024, the Federal Trade Commission (FTC) announced it had filed a complaint against GOAT, an online retailer of sneakers, apparel, and accessories. In the complaint, the FTC alleged, among other things, that GOAT failed to honor its “Buyer Protection” policy for consumers who received deficient products. The FTC also alleged that GOAT failed to offer consumers whose products were delayed beyond the promised delivery period a clear and conspicuous way to consent to the delay or cancel the order in exchange for a refund. Furthermore, the FTC alleged that consumers were forced to repeatedly contact customer service for relief, and often received inadequate refunds.Continue Reading FTC Files Consumer Protection Complaint Against GOAT

Preparing for the UK’s New Online Safety Regime: Timeline and Key Phases

By Nikolaos Theodorakis, Tom Evans & Matthew Nuding on November 26, 2024

Posted in Cybersecurity

The UK’s Online Safety Act (OSA) is a landmark law that will require companies to make online services “safe by design” for all individuals, with a particularly high standard of protection required for children. The OSA was enacted in 2023, and its obligations will come into force in phases throughout 2025 and 2026. This blog post explains how the law will be brought into force, and what companies can do to prepare.Continue Reading Preparing for the UK’s New Online Safety Regime: Timeline and Key Phases

California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements

By Edward Holman, Kristen Abram, Maneesha Mithal & Tracy Shapiro on November 18, 2024

Posted in Cybersecurity, Privacy, Regulatory

On November 8, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated decision-making technology (e.g., artificial intelligence (AI)), privacy risk assessments, and a wide assortment of other updates to existing CCPA regulations; data broker registration regulations; and the development of the Delete Request and Opt-Out Platform (DROP) required by the Delete Act. The CPPA Board also voted to approve settlements with two data brokers for allegedly failing to register and pay an annual fee as required by the Delete Act.Continue Reading California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements

UK Brings Forward Bill to Reform UK Privacy Laws

By Nikolaos Theodorakis, Tom Evans & Claudia Chan on November 5, 2024

Posted in Privacy

In October 2024, the UK government introduced the Data (Use and Access) Bill (the Data Bill) to Parliament. The Data Bill represents a third attempt by UK ministers to bring about reforms to the UK’s data protection and ePrivacy regimes. If enacted, the Data Bill will introduce changes to the existing regime, including by reducing restrictions on automated decision-making and enhancing powers for the UK’s privacy regulator. It will also lay the groundwork for new “Smart Data” schemes, which will in future require companies operating in certain industries to share data with authorized and regulated third parties.Continue Reading UK Brings Forward Bill to Reform UK Privacy Laws

The Data Advisor