CFPB

Subscribe to CFPB

On October 18, the CFPB sued a software company for utilizing their online payment platform to enroll unknowing consumers into annual subscriptions through deceptive acts and “dark pattern” techniques in violation of the CFPA and EFTA. Among other things, the complaint alleges that the company encouraged consumers to unknowingly enroll in free trials and converted the free trials into annual subscriptions through a “negative option” renewal policy (our sister blog covered “negative option” marketing in a previous post here). During this process, the company allegedly collected consumers’ registration information and consumer payments data (e.g., credit or debit card number) so that it could transmit the consumer payments data through its payments systems. Continue Reading CFPB Sues Payment Platform Over Dark Patterns

The CFPB recently published a circular clarifying liability under consumer financial protection law for financial companies that fail to safeguard consumer data. The circular describes how firms may be violating the CFPA’s prohibition on unfair acts or practices with respect to the handling of consumer data by not implementing adequate measures to protect against data security incidents. According to the CFPB. in the event of large scale, customer-base-wide breaches, consumers may become victims of targeted identify theft.Continue Reading CFPB: Safeguard Consumer Data or Face Liability

The Consumer Financial Protection Bureau (CFPB) recently released a set of Consumer Protection Principles aimed at the Fintech field. The Principles describe obligations when sharing or aggregating consumer financial information. The CFPB regulates and enforces consumer financial laws, and issued this release as part of its review of the Fintech industry. These Principles follow a request for information that the CFPB issued late last year, as well as insights from stakeholders that the CFPB summarized at the time it released the Principles.
Continue Reading CFPB Provides Guidance on Consumer Data Protection