
New UK Consumer Rules Herald Stricter Enforcement and Significant Fines
Consumer protection is rising to the top of the regulatory agenda worldwide. The UK consumer protection regime is undergoing a major shift: The Competition and Markets Authority (CMA) now has powerful new tools under the Digital Markets, Competition, and Consumers Act (DMCCA) (see our Sidley Update here), including the ability to directly enforce consumer law and fine companies up to 10% of global annual turnover for serious infringements. (more…)

Consumer Financial Protection Bureau Releases Proposed Rule on Fair Credit Reporting Act
On December 3, 2024, the U.S. Consumer Financial Protection Bureau (the CFPB) announced a notice of proposed rulemaking that seeks to significantly expand the scope of the Fair Credit Reporting Act and its implementing regulation, Regulation V (collectively, the FCRA), and to impose new requirements on covered parties, such as data brokers (the Proposed Rule).1 If implemented as currently drafted, the Proposed Rule would increase the amount of information defined as a “consumer report” and the number of persons defined as a “consumer reporting agency.” Moreover, it would create new requirements in relation to certain permissible purposes for which a consumer reporting agency may furnish a consumer report to a party.

U.S. FTC’s New Rule on Fake and AI-Generated Reviews and Social Media Bots
On August 14, 2024, the United States Federal Trade Commission (FTC) announced a final rule that prohibits fake and artificial intelligence-generated consumer reviews, consumer testimonials, and celebrity testimonials, along with other types of unfair or deceptive practices involving reviews and testimonials. This new rule is the latest development in the FTC’s increased rulemaking efforts and increased focus on AI, and will take effect on October 21, 2024.
U.S. SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information Amendments Adopted
On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) adopted amendments to its Regulation S-P. These final amendments impose significant cybersecurity requirements for several SEC-registered entities and transfer agents registered with another appropriate regulatory agency, including with respect to these entities’ policies and procedures, incident response and notification procedures, and cybersecurity risk management.

CFPB Begins Rulemaking on Data Access and Portability
The Consumer Financial Protection Bureau (CFPB) on October 27, 2022 took the long-anticipated first step to issue a regulation implementing Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. This followed a preview by CFPB Director Rohit Chopra at the Money 20/20 conference on October 25 in which he outlined the “CFPB’s new approach to regulation,” which is designed to create “catalysts for more competition.” With respect to Section 1033, Director Chopra said that the CFPB is “exploring safeguards to prevent excessive control or monopolization by one, or even a handful of, firms” and will be working toward avoiding regulations that could be “rigged in favor of some players over others.” Director Chopra’s focus on competition as an essential element of consumer protection has been a hallmark of his directorship.