Tag: Consumer Protection

FTC Issues Report to Congress Highlighting Collaboration with State Attorneys General

On April 10, 2024, the Federal Trade Commission issued a report to Congress on the agency’s collaboration with state attorneys general highlighting current cooperative law enforcement efforts, best practices to ensure continued collaboration and legislative recommendations to enhance such efforts.

The report, directed by the FTC Collaboration Act of 2021, “Working Together to Protect Consumers: A Study and Recommendations on FTC Collaboration with the State Attorneys General” makes legislative recommendations that would enhance these efforts, including reinstating the Commission’s authority to seek money for defrauded consumers and providing it with the independent authority to seek civil penalties.

“Today’s consumer protection challenges require an all-hands-on-deck response, and our report details how the FTC is working closely with state enforcers to share information, stop fraud, and ensure fairness in the marketplace,” said FTC attorney Samuel Levine, Director of the Bureau of Consumer Protection. “We look forward to seeking new opportunities to strengthen these ties and confront the challenges of the future.”

In June 2023, the Commission announced a request for public information (RFI) seeking public comments and suggestions on ways it can work more effectively with state AGs to help educate consumers about, and protect them from, potential fraud. After reviewing and analyzing the comments received, the agency developed the report to Congress issued today. The report is divided into three sections: 1) The FTC’s Existing Collaborative Efforts with State
Attorneys General to Prevent, Publicize, and Penalize Frauds and Scams; 2) Recommended Best Practices to Enhance Collaboration; and 3) Legislative Recommendations to Enhance Collaboration Efforts.

The first section lays out the roles and responsibilities of the FTC and state AGs in protecting consumers from frauds and scams, provides an overview of their respective law enforcement authority, and discusses how federal and state enforcers share their information and expertise to facilitate effective communication and cooperation. It also provides a breakdown of the FTC’s
structure and a description of the Consumer Sentinel consumer complaint database, the largest such information-sharing network in the United States.

The second section details best practices used to enhance strong information-sharing between the FTC and its state law enforcement partners, discusses how the Commission coordinates joint and parallel enforcement actions with state AGs and other state consumer protection agencies, and presents ideas on expanding the sharing of expertise and technical resources between agencies.

Finally, the third section stresses the legislative need to restore the FTC’s Section 13(b) authority to seek equitable monetary refunds for injured consumers, presents ways to enhance collaboration and conserve resources by providing the FTC with the independent authority to seek civil penalties, and describes the agency’s need for clear authority to pursue legal actions against those who assist and facilitate unfair or deceptive acts or practices.

The Commission vote approving the report to Congress was 3-0-2, with Commissioners Melissa Holyoak and Andrew N. Ferguson not participating. Chair Lina M. Khan issued a separate statement, in which she was joined by Commissioners Rebecca Kelly Slaughter and Alvaro M. Bedoya. Commissioner Slaughter also issued a separate statement.

© 2024 Hinch Newman LLP
For more news on FTC’s collaboration with state attorneys, visit the NLR Antitrust & Trade Regulation section.

California PFAS Ban in Products: 6th Largest Global Economy Enters the Fray

We reported extensively on the landmark legislation passed in Maine in 2021 and Minnesota in 2023, which were at the time the most far-reaching PFAS ban in the United States. Other states, including Massachusetts and Rhode Island, have subsequently introduced legislation similar to Maine and Minnesota’s regulations. While we have long predicted that the so-called “all PFAS / all products” legislative bans will become the trend at the state levels, it is significant to note that California, the world’s sixth largest economy, recently introduced a similar proposed PFAS ban for consumer products.

The California proposed legislation, coupled with the existing legislation passed or on the table, will have enormous impacts on companies doing business in or with the state of California, as well as on likely future consumer goods personal injury lawsuits. The California PFAS ban must therefore not be overlooked in companies’ compliance and product development departments.

California PFAS Ban

California’s SB 903 in its current form would prohibit for sale (or offering for sale) any products that contain intentionally added PFAS. A “product” is defined as “an item manufactured, assembled, packaged, or otherwise prepared for sale in California, including, but not limited to, its components, sold or distributed for personal, residential, commercial, or industrial use, including for use in making other products.” It further defines “component” as “an identifiable ingredient, part, or piece of a product, regardless of whether the manufacturer of the product is the manufacturer of the component.”

While the effective date of SB 903’s prohibition would be January 1, 2030, the bill gives the California Department of Toxic Substances Control (“DTSC”) the authority to prohibit intentionally added PFAS in a product before the 2030 effective date. It also allows DTSC to categorize PFAS in a product as an “unavoidable use”, thereby effectively creating an exemption to the bill’s ban, although California exemption would be limited to five years in duration. Similar carve outs were also included in the Maine and Minnesota bans. In each instance, certain information must be provided to the state to obtain an “unavoidable use” exemption. In California, an “unavoidable use” exemption would only be granted if:

  1. There are no safer alternatives to PFAS that are reasonably available.
  2. The function provided by PFAS in the product is necessary for the product to work.
  3. The use of PFAS in the product is critical for health, safety, or the functioning of society.

If a company sells a products containing PFAS in the state of California in violation of the proposed law, companies would be assessed a $1,000 per day penalty for each violation, a maximum of $2,500 per day for repeat offenders, and face possible Court-ordered prohibition of sales for violating products.

Implications To Businesses From The Minnesota PFAS Legislation

First and foremost of concern to companies is the compliance aspect of the California law. The state continues to modify and refine key definitions of the regulation, resulting in companies needing to consider the wording implications on their reporting requirements. In addition, some companies find themselves encountering supply chain disclosure issues that will impact reporting to the state of California, which raises the concern of accuracy of reporting by companies. Companies and industries are also very concerned that the information that is being gathered will provide a legacy repository of valuable information for plaintiffs’ attorneys who file future products liability lawsuits for personal injury, not only in the state of California, but in any state in which the same products were sold.

It is of the utmost importance for businesses along the whole supply chain to evaluate their PFAS risk. Public health and environmental groups urge legislators to regulate these compounds. One major point of contention among members of various industries is whether to regulate PFAS as a class or as individual compounds. While each PFAS compound has a unique chemical makeup and impacts the environment and the human body in different ways, some groups argue PFAS should be regulated together as a class because they interact with each other in the body, thereby resulting in a collective impact. Other groups argue that the individual compounds are too diverse and that regulating them as a class would be over restrictive for some chemicals and not restrictive enough for others.

Companies should remain informed so they do not get caught off guard. Regulators at both the state and federal level are setting drinking water standards and notice requirements of varying stringency, and states are increasingly passing PFAS product bills that differ in scope. For any manufacturers, especially those who sell goods interstate, it is important to understand how those various standards will impact them, whether PFAS is regulated as individual compounds or as a class. Conducting regular self-audits for possible exposure to PFAS risk and potential regulatory violations can result in long term savings for companies and should be commonplace in their own risk assessment.

©2024 CMBG3 Law, LLC. All rights reserved.
For more news on PFAS Ban in California, visit the NLR Environmental, Energy & Resources section.

Multistate Coalition Supports EPA’s Proposed Revisions to the Safer Choice Standard

As reported in our December 5, 2023, memorandum, the U.S. Environmental Protection Agency (EPA) proposed updates to the Safer Choice Standard on November 14, 2023, that include a name change to the Safer Choice and Design for the Environment (DfE) Standard (Standard), an update to the packaging criteria, the addition of a Safer Choice certification for cleaning service providers, a provision allowing for preterm partnership termination under exceptional circumstances, and the addition of several product and functional use class requirements. 88 Fed. Reg. 78017. On January 16, 2024, California Attorney General Rob Bonta announced that, alongside a coalition of 12 attorneys general, he submitted a comment letter that:

  • Supports EPA’s proposed revisions to its Safer Choice Standard;
  • Recommends that EPA not allow products with plastic primary packaging to use the Safer Choice label or DfE logo;
  • Recommends that if EPA does allow products with plastic primary packaging to use the label and logo, EPA should prohibit the use of chemical recycling in meeting the proposed standard’s plastic packaging recycled content requirements; and
  • Calls on EPA to exclude any products or packaging that contain any per- and polyfluoroalkyl substances (PFAS), “whether intentionally introduced or not.”
©2024 Bergeson & Campbell, P.C.
For more news on EPA’s Safer Choice Standard, visit the NLR Environmental, Energy & Resources section.

Exploring the Future of Information Governance: Key Predictions for 2024

Information governance has evolved rapidly, with technology driving the pace of change. Looking ahead to 2024, we anticipate technology playing an even larger role in data management and protection. In this blog post, we’ll delve into the key predictions for information governance in 2024 and how they’ll impact businesses of all sizes.

  1. Embracing AI and Automation: Artificial intelligence and automation are revolutionizing industries, bringing about significant changes in information governance practices. Over the next few years, it is anticipated that an increasing number of companies will harness the power of AI and automation to drive efficient data analysis, classification, and management. This transformative approach will not only enhance risk identification and compliance but also streamline workflows and alleviate administrative burdens, leading to improved overall operational efficiency and effectiveness. As organizations adapt and embrace these technological advancements, they will be better equipped to navigate the evolving landscape of data governance and stay ahead in an increasingly competitive business environment.
  2. Prioritizing Data Privacy and Security: In recent years, data breaches and cyber-attacks have significantly increased concerns regarding the usage and protection of personal data. As we look ahead to 2024, the importance of data privacy and security will be paramount. This heightened emphasis is driven by regulatory measures such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR). These regulations necessitate that businesses take proactive measures to protect sensitive data and provide transparency in their data practices. By doing so, businesses can instill trust in their customers and ensure the responsible handling of personal information.
  3. Fostering Collaboration Across Departments: In today’s rapidly evolving digital landscape, information governance has become a collective responsibility. Looking ahead to 2024, we can anticipate a significant shift towards closer collaboration between the legal, compliance, risk management, and IT departments. This collaborative effort aims to ensure comprehensive data management and robust protection practices across the entire organization. By adopting a holistic approach and providing cross-functional training, companies can empower their workforce to navigate the complexities of information governance with confidence, enabling them to make informed decisions and mitigate potential risks effectively. Embracing this collaborative mindset will be crucial for organizations to adapt and thrive in an increasingly data-driven world.
  4. Exploring Blockchain Technology: Blockchain technology, with its decentralized and immutable nature, has the tremendous potential to revolutionize information governance across industries. By 2024, as businesses continue to recognize the benefits, we can expect a significant increase in the adoption of blockchain for secure and transparent transaction ledgers. This transformative technology not only enhances data integrity but also mitigates the risks of tampering, ensuring trust and accountability in the digital age. With its ability to provide a robust and reliable framework for data management, blockchain is poised to reshape the way we handle and secure information, paving the way for a more efficient and trustworthy future.
  5. Prioritizing Data Ethics: As data-driven decision-making becomes increasingly crucial in the business landscape, the importance of ethical data usage cannot be overstated. In the year 2024, businesses will place even greater emphasis on data ethics, recognizing the need to establish clear guidelines and protocols to navigate potential ethical dilemmas that may arise. To ensure responsible and ethical data practices, organizations will invest in enhancing data literacy among their workforce, prioritizing education and training initiatives. Additionally, there will be a growing focus on transparency in data collection and usage, with businesses striving to build trust and maintain the privacy of individuals while harnessing the power of data for informed decision-making.

The future of information governance will be shaped by technology, regulations, and ethical considerations. Businesses that adapt to these changes will thrive in a data-driven world. By investing in AI and automation, prioritizing data privacy and security, fostering collaboration, exploring blockchain technology, and upholding data ethics, companies can prepare for the challenges and opportunities of 2024 and beyond.

Jim Merrifield, Robinson+Cole’s Director of Information Governance & Business Intake, contributed to this report.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.
For more on Information Governance, visit the NLR Communications, Media & Internet section.

Under the GDPR, Are Companies that Utilize Personal Information to Train Artificial Intelligence (AI) Controllers or Processors?

The EU’s General Data Protection Regulation (GDPR) applies to two types of entities – “controllers” and “processors.”

A “controller” refers to an entity that “determines the purposes and means” of how personal information will be processed.[1] Determining the “means” of processing refers to deciding “how” information will be processed.[2] That does not necessitate, however, that a controller makes every decision with respect to information processing. The European Data Protection Board (EDPB) distinguishes between “essential means” and “non-essential means.[3] “Essential means” refers to those processing decisions that are closely linked to the purpose and the scope of processing and, therefore, are considered “traditionally and inherently reserved to the controller.”[4] “Non-essential means” refers to more practical aspects of implementing a processing activity that may be left to third parties – such as processors.[5]

A “processor” refers to a company (or a person such as an independent contractor) that “processes personal data on behalf of [a] controller.”[6]

Data typically is needed to train and fine-tune modern artificial intelligence models. They use data – including personal information – in order to recognize patterns and predict results.

Whether an organization that utilizes personal information to train an artificial intelligence engine is a controller or a processor depends on the degree to which the organization determines the purpose for which the data will be used and the essential means of processing. The following chart discusses these variables in the context of training AI:

The following chart discusses these variables in the context of training AI:

Function

Activities Indicative of a Controller

Activities Indicative of a Processor

Purpose of processing

Why the AI is being trained.

If an organization makes its own decision to utilize personal information to train an AI, then the organization will likely be considered a “controller.”

If an organization is using personal information provided by a third party to train an AI, and is doing so at the direction of the third party, then the organization may be considered a processor.

Essential means

Data types used in training.

If an organization selects which data fields will be used to train an AI, the organization will likely be considered a “controller.”

If an organization is instructed by a third party to utilize particular data types to train an AI, the organization may be a processor.

Duration personal information is held within the training engine

If an organization determines how long the AI can retain training data, it will likely be considered a “controller.”

If an organization is instructed by a third party to use data to train an AI, and does not control how long the AI may access the training data, the organization may be a processor.

Recipients of the personal information

If an organization determines which third parties may access the training data that is provided to the AI, that organization will likely be considered a “controller.”

If an organization is instructed by a third party to use data to train an AI, but does not control who will be able to access the AI (and the training data to which the AI has access), the organization may be a processor.

Individuals whose information is included

If an organization is selecting whose personal information will be used as part of training an AI, the organization will likely be considered a “controller.”

If an organization is being instructed by a third party to utilize particular individuals’ data to train an AI, the organization may be a processor.

 

[1] GDPR, Article 4(7).

[1] GDPR, Article 4(7).

[2] EDPB, Guidelines 07/2020 on the concepts of controller and processor in the GDPR, Version 1, adopted 2 Sept. 2020, at ¶ 33.

[3] EDPB, Guidelines 07/2020 on the concepts of controller and processor in the GDPR, Version 1, adopted 2 Sept. 2020, at ¶ 38.

[4] EDPB, Guidelines 07/2020 on the concepts of controller and processor in the GDPR, Version 1, adopted 2 Sept. 2020, at ¶ 38.

[5] EDPB, Guidelines 07/2020 on the concepts of controller and processor in the GDPR, Version 1, adopted 2 Sept. 2020, at ¶ 38.

[6] GDPR, Article 4(8).

©2023 Greenberg Traurig, LLP. All rights reserved.

For more Privacy Legal News, click here to visit the National Law Review.

Montana Passes 9th Comprehensive Consumer Privacy Law in the U.S.

On May 19, 2023, Montana’s Governor signed Senate Bill 384, the Consumer Data Privacy Act. Montana joins California, Colorado, Connecticut, Indiana, Iowa, Tennessee, Utah, and Virginia in enacting a comprehensive consumer privacy law. The law is scheduled to take effect on October 1, 2024.

When does the law apply?

The law applies to a person who conducts business in the state of Montana and:

  • Controls or processes the personal data of not less than 50,000 consumers (defined as Montana residents), excluding data controlled or processed solely to complete a payment transaction.
  • Controls and processes the personal data of not less than 25,000 consumers and derive more than 25% of gross revenue from the sale of personal data.

Hereafter these covered persons are referred to as controllers.

The following entities are exempt from coverage under the law:

  • Body, authority, board, bureau, commission, district, or agency of this state or any political subdivision of this state;
  • Nonprofit organization;
  • Institution of higher education;
  • National securities association that is registered under 15 U.S.C. 78o-3 of the federal Securities Exchange Act of 1934;
  • A financial institution or an affiliate of a financial institution governed by Title V of the Gramm- Leach-Bliley Act;
  • Covered entity or business associate as defined in the privacy regulations of the federal Health Insurance Portability and Accountability Act (HIPAA);

Who is protected by the law?

Under the law, a protected consumer is defined as an individual who resides in the state of Montana.

However, the term consumer does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer, or contractor of a company partnership, sole proprietorship, nonprofit, or government agency whose communications or transactions with the controller occur solely within the context of that individual’s role with the company, partnership, sole proprietorship, nonprofit, or government agency.

What data is protected by the law?

The statute protects personal data defined as information that is linked or reasonably linkable to an identified or identifiable individual.

There are several exemptions to protected personal data, including for data protected under HIPAA and other federal statutes.

What are the rights of consumers?

Under the new law, consumers have the right to:

  • Confirm whether a controller is processing the consumer’s personal data
  • Access Personal Data processed by a controller
  • Delete personal data
  • Obtain a copy of personal data previously provided to a controller.
  • Opt-out of the processing of the consumer’s personal data for the purpose of targeted advertising, sales of personal data, and profiling in furtherance of solely automated decisions that produce legal or similarly significant effects.

What obligations do businesses have?

The controller shall comply with requests by a consumer set forth in the statute without undue delay but no later than 45 days after receipt of the request.

If a controller declines to act regarding a consumer’s request, the business shall inform the consumer without undue delay, but no later than 45 days after receipt of the request, of the reason for declining.

The controller shall also conduct and document a data protection assessment for each of their processing activities that present a heightened risk of harm to a consumer.

How is the law enforced?

Under the statute, the state attorney general has exclusive authority to enforce violations of the statute. There is no private right of action under Montana’s statute.

Jackson Lewis P.C. © 2023

For more Privacy Legal News, click here to visit the National Law Review.

Tempur Sealy Acquisition of Mattress Firm: A Vertical Bridge Too Far for the FTC?

In a deal announced on May 9, Tempur Sealy International, Inc., the world’s largest mattress manufacturer, has agreed to acquire Houston-based Mattress Firm Group, Inc., the largest U.S. brick-and-mortar bedding retailer, with more than 2,300 locations and a robust e-commerce platform. The companies hope to finalize the $40 billion deal in the second half of 2024.

Following pre-merger notification of the deal last October, the FTC is reportedly taking a deep dive into the mattress industry to assess whether the transaction is likely to harm competition. The depth of the investigation itself signals a departure from the antitrust agencies’ traditional approach to “vertical” mergers in which firms in the same industry but in non-overlapping market segments (such as manufacturing and retailing the same product category) benefit from a soft presumption of legality. Customarily, vertical integration was perceived to be benign, if not somehow “efficiency enhancing.”

Whatever the merits of applying such leniency to traditional supply chains of widgets, it does not serve competition policy well in an economy dominated by technology-driven platforms that serve several enormous groups of customers at once. In today’s markets, non-overlapping vertical arrangements can severely affect whether rival firms can gain access to inputs, markets, or prospective customers.

Evidence of the FTC’s awareness of the potential for vertical mergers to cause competitive harm abounds. On September 15, 2021, the FTC withdrew the FTC/Department of Justice 2020 Vertical Merger Guidelines and Commentary. The Commission’s majority said that the 2020 Guidelines included a “flawed discussion of the purported procompetitive benefits (i.e., efficiencies) of vertical mergers, especially its treatment of the elimination of double marginalization” and by failing to address “increasing levels of consolidation across the economy.”

Mattresses and Widgets

A course correction is borne out by the Commission’s recent challenges to several proposed vertical mergers, including Nvidia Corp.’s attempted acquisition of Arm Ltd., Lockheed Martin Corporation’s attempted acquisition of Aerojet Rocketdyne Holdings, Inc., Microsoft Corp.’s acquisition of Activision Blizzard Inc., and Illumina, Inc.’s acquisition of GRAIL, Inc. After the parties abandoned the Nvidia/Arm acquisition, the FTC’s press release was effusive: “This result is particularly significant because it represents the first abandonment of a litigated vertical merger in many years,” the Commission said.

Enter the Tempur Sealy/Mattress Firm transaction, a vertical acquisition in a product category whose markets resemble widgets more than online merchandising or payment networks. Tempur Sealy became the world’s largest mattress manufacturer in 2012, when Tempur-Pedic acquired Sealey Corp. for $1.3 billion. The company currently earns revenues of $5 billion a year, almost a third of the $17 billion U.S. mattress market. Mattress Firm, the largest mattress retailer in the U.S. with annual revenues of $2.5 billion a year, has been owned since 2016 by German retail holding company Steinhoff International Holdings NV. The firm filed for Chapter 11 bankruptcy protection in October 2018, but quickly emerged the following month after closing 700 stores.

The merging parties are no strangers to one another, having engaged in a commercial relationship for the past 35 years. In 2017, Tempur Sealy sued Mattress Firm for selling mattresses that infringed on the Tempur-Pedic line-up, but in 2019, after its emergence from bankruptcy, Mattress Firm and Tempur Sealy struck a long-term partnership agreement. A merger of the two firms has been under discussion in one form or another for most of the past decade.

Public statements by the parties stress the complementarity of the deal, which they describe as combining “Tempur Sealy’s extensive product development and manufacturing capabilities with vertically integrated retail.” The merged entity will end up with about 3,000 retail stores, 30 e-commerce platforms, 71 manufacturing facilities, and 4 R&D facilities around the world. It is the kind of combination of complementary businesses that not long ago might not have even earned a Second Request from the antitrust agencies.

The FTC, which at least since last December has been investigating the potential effects on the mattress industry of a merger between the two market leaders, issued a Second Request earlier this month. By February, the Commission had already interviewed executives from the top 20 mattress manufacturers, according to a report in Furniture Today (February 2, 2023).

Disruptors and Goliaths

The FTC is likely to discover a large and growing global industry undergoing significant changes in how mattresses are designed, marketed, and sold in reaction to changing consumer preferences.

Several online mattress-in-a-box companies have disrupted the industry. Today, nearly half of all consumers purchases are online. They will also find fairly low barriers to entry into both brick-and-mortar and online retailing and mattress manufacturing. Their review of the Tempur Sealy/Mattress Firm transaction will also encounter two players in the market with a long history of cooperation.

With 20 manufacturers significant enough to interview, the Commission would appear to be faced with a fairly competitive market – one in which little or no foreclosure of rivals to the ability to obtain inputs or the availability of channels of distribution to reach consumers will result from the proposed transaction. Additional competitive pressure comes from Amazon, which began selling its own mattresses in 2018 as part of the Amazon Essentials line, and Walmart, which introduced its own mattress-in-box brand, Allswell, available online and in stores.

On balance, the acquisition of Mattress Firm by Tempur Sealy would not appear to raise significant antitrust issues. A challenge to this transaction by the FTC may be a vertical bridge too far. That is no doubt the assessment reached by Scott Thompson, chairman and CEO of Tempur Sealy, who expressed confidence in clearing the FTC’s antitrust review, “either in the traditional sense or through litigation.”

© MoginRubin LLP

For more Antitrust and FTC news, click here to visit the National Law Review.

How to Succeed in Environmental Marketing Claims

Environmental marketing claims often present something of a Catch-22—companies that are doing actual good for the environment deserve to reap the benefits of their efforts, and consumers deserve to know, while at the same time, heightened scrutiny from the Federal Trade Commission (FTC), the National Advertising Division (NAD), state regulators and the plaintiffs’ bar have made such claims increasingly risky.

In 2012, the FTC issued the Green Guides for the use of environmental marketing claims to protect consumers and to help advertisers avoid deceptive environmental marketing. Compliance with the Green Guides may provide a safe harbor from FTC enforcement, and from liability under state laws, such as California’s Environmental Marketing Claims Act, that incorporate the Green Guides. The FTC has started a process to revise the Green Guides, including a request for comments about the meaning of “sustainable.” In the meantime, any business considering touting the environmental attributes of its products should consider the following essential takeaways from the Green Guides in their current form:

    • Substantiation: Substantiation is key! Advertisers should have a reasonable basis for their environmental claims. Substantiation is the support for a claim, which helps ensure that the claim is truthful and not misleading or deceptive. Among other things, substantiation requires documentation sufficient to verify environmental claims.
    • General benefit claims: Advertisers should avoid making unqualified claims of general benefit because substantiation is required for each reasonable interpretation of the claim. The more narrowly tailored the claim, the easier it is to substantiate.
    • Comparative claims: Advertisers should be careful and specific when making comparative claims. For example, a claim that states “20% more recycled content” begs the question: “compared to what?” A prior version of the same product? A competing product? Without further detail, the advertiser would be responsible for the reasonable interpretation that the product has 20% more recycled content than other brands, as well as the interpretation that the product has 20% more recycled content than the advertiser’s older products.
    • General greenwashing terms: Advertisers should be very cautious when using general environmental benefit terms such as “eco-friendly,” “sustainable,” “green,” and “planet-friendly.” Those kinds of claims feature prominently in many complaints alleging greenwashing, and they should only be used where the advertiser knows and explains what the term means, and can substantiate every reasonable interpretation of the claim.

Putting it into Practice: Given the scrutiny that environmental claims tend to attract, advertisers should exercise care when making environmental benefit claims about their products and services. They should narrowly tailor their claims to the specific environmental attributes they want to promote, and perhaps most important, they should ensure they have adequate backup to substantiate their claims. While the FTC Green Guides are due for a refresh (which we will surely report on), for the time being, they will continue to serve as important guidance for advertisers seeking to inform consumers without exposing their business to FTC scrutiny or class action litigation.

CFPB Investigates Crypto Lender

On December 1, 2022, the Consumer Financial Protection Bureau (Bureau) made public an administrative order denying Nexo Financial LLC’s (Nexo) petition to modify the Bureau’s civil investigative demand.  The order represents the first publicly known Bureau investigation of a digital asset company, in this case, over Nexo’s “Earn Interest” crypto lending product.

The Bureau served Nexo with a civil investigative demand in late 2021 seeking further information about whether Nexo products were subject to federal consumer financial law, and in particular Nexo’s compliance with the Consumer Financial Protection Act and regulations under the Electronic Funds Transfer Act.  Nexo sought to set aside the civil investigative demand and argued that, because the SEC had taken the position that other crypto lending products were securities, the Bureau was estopped from investigating it under provisions of federal law that preempt the Bureau from regulating securities products.

The Bureau rejected Nexo’s line of reasoning.  According to the Bureau order, “Nexo Financial is trying to avoid answering any of the Bureau’s questions about the Earn Interest Product (on the theory that the product is a security subject to SEC oversight) while at the same time preserving the argument that the product is not a security subject to SEC oversight.”  The order continues, “This attempt to have it both ways dooms Nexo Financial’s petition from the start.”  The Bureau also found that Nexo’s petition was not timely filed.

As we recently noted, the Bureau has been increasing its attention to the digital asset sector.  The Nexo order includes a lengthy discussion about the breadth of its jurisdiction and ability to investigate potential violations of law.  As the crypto winter persists, we expect to see the Bureau continue to explore ways to assert its authority to regulate elements of the digital asset sector.

Article By Scott H. Kimpel of Hunton Andrews Kurth

For more financial legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

What You Need to Know About the DOJ’s Consumer Protection Branch

The Consumer Protection Branch of the United States Department of Justice (DOJ) is one of the most overlooked and misunderstood parts of the country’s largest law enforcement agency. With a wide field of enforcement, the Branch can pursue civil enforcement actions or even criminal prosecutions against companies based in the United States and even foreign companies doing business in the country.

Here are four things that Dr. Nick Oberheiden, a defense lawyer at Oberheiden P.C., thinks that people and businesses need to know about the DOJ’s Consumer Protection Branch.

The Wide Reach of “Protecting Consumers”

According to the agency itself, the Consumer Protection Branch “leads Department of Justice enforcement efforts to enforce consumer protection laws that protect Americans’ health, safety, economic security, and identity integrity.” While “identity integrity” is relatively tightly confined to issues surrounding identity theft and the unlawful use of personal data and information, “health,” “safety,” and “economic security” are huge and vaguely defined realms of jurisdiction.

Under the Branch’s enforcement focus or interpretation of its law enforcement mandate, it has the power to prosecute fraud and misconduct in the fields of:

  • Pharmaceuticals and medical devices

  • Food and dietary supplements

  • Consumer fraud, including elder fraud and other scams

  • Deceptive trade practices

  • Telemarketing

  • Data privacy

  • Veterans fraud

  • Consumer product safety and tampering

  • Tobacco products

Business owners and executives are often surprised to learn that the Consumer Protection Branch has so many oversight powers. But the Consumer Protection Branch’s wide reach is not limited to the laws that it can invoke and enforce; it also has a wide geographical reach, as well. In order to carry out its objective, the Branch brings both criminal and affirmative civil enforcement cases throughout the country. In one recent case, the Consumer Protection Branch prosecuted a drug manufacturer for violations of the federal Food, Drug, and Cosmetic Act (FDCA) after the drug maker hid and destroyed records before an inspection by the U.S. Food and Drug Administration (FDA). The drug manufacturer, however, was an Indian company that sold several cancer drugs in the U.S. The plant inspection took place in West Bengal, India.

The Branch Has Lots of Laws at Its Disposal

The extremely broad reach of the Consumer Protection Branch comes with a significant implication: There are numerous laws that the Branch can invoke as it regulates and investigates businesses. Many of these are substantive laws that prohibit certain types of conduct, like:

Others, however, are procedural laws, which prohibit using certain means to carry out a crime, like:

  • Mail fraud (18 U.S.C. § 1341), which is the crime of using the mail system to commit fraud

  • Wire fraud (18 U.S.C. § 1343), which is the crime of using wire, radio, or television communication devices to commit fraud, including the internet

This can mean that many defendants get hit with multiple criminal charges for the same line of conduct, drastically increasing the severity of a criminal case. For example, in one case, a group of pharmacists fraudulently billed insurers for over $900 million in medications that they knew were not issued under a valid doctor-patient relationship. They were charged with misbranding medication and healthcare fraud, in addition to numerous counts of mail fraud for shipping that medication through the mail.

The Branch Has the Power to Pursue Civil and Criminal Sanctions

Lots of business owners and executives are also unaware of the fact that the DOJ’s Consumer Protection Branch has the power to pursue both civil and criminal cases if the law being enforced allows for it.

This has serious consequences for companies, and not just because the Branch can imprison individuals for putting consumers at risk: It also complicates the strategy for defending against enforcement action.

A good example of how this works in real life is a healthcare fraud allegation that is pursued by the Consumer Protection Branch under the False Claims Act, or FCA, because the alleged fraud implicated money from a government healthcare program, like Medicare or Medicaid. For it to be the crime of healthcare fraud, the Consumer Protection Branch would have to prove that there was an intent to defraud the program. If there is no intent, though, the Branch can still pursue civil penalties.

This complicates the defense strategy because keeping prosecutors from establishing your intent is not the end of the case. It just takes prison time off the table. While this is a big step in protecting your rights and interests, it still leaves you and your company open to civil liability. That liability can be quite substantial, as many anti-fraud laws – including the FCA – impose civil penalties on each violation and impose treble damages, or three times the amount fraudulently obtained.

As Dr. Nick Oberheiden, a consumer protection defense lawyer at the national law firm Oberheiden P.C., explains, “While relying on a lack of intent defense can work with other criminal offenses, it is a poor choice when fighting against allegations of fraud because it tacitly admits to the fraudulent actions. Enforcement agencies like the DOJ’s Consumer Protection Branch can then easily impose civil liability against your company.”

The Branch Works in Tandem With Other Agencies

The Consumer Protection Branch only has about 200 prosecutors, support professionals, embedded law enforcement agents, and investigators. However, between October 2020 and December 2021, the Branch charged at least 96 individuals and corporations with criminal offenses and another 112 with civil enforcement actions, collecting $6.38 billion in judgments and resolutions.

The Branch can do this in large part because it works closely with other federal law enforcement agencies, like the:

By pooling their resources with other agencies like these, the DOJ’s Consumer Protection Branch can bring more weight to its enforcement action against your company.

Article By Dr. Nick Oberheiden of Oberheiden P.C.

For more consumer protection legal news, click here to visit the National Law Review.

Oberheiden P.C. © 2022