Photo of Jessica Rich

(202) 342-8580
Bio   LinkedIn

It’s late August, but there’s a lot going on at the FTC and in consumer protection news more generally.  This blogpost highlights some recent FTC-related news, as well as several issues related to the FTC’s legal authority that bear watching.


As we blogged here, the FTC filed suit in March against Intuit for its alleged deception in claiming that its online tax preparation service is “free” when it’s only free for taxpayers filing “simple returns.”  As we reported, the FTC filed an administrative complaint while also seeking a TRO in federal district court, even as multiple State AGs were investigating and Intuit claimed it had pulled its “free” claims off its website. Soon after, the FTC lost its motion for the TRO; the States and Intuit entered into a multi-state settlement; and Intuit moved for withdrawal of the FTC’s case from administrative adjudication (per FTC Rule 3.26(c), to allow the FTC to determine “whether the public interest warrants further litigation”), which the FTC granted.

In its motion for withdrawal, Intuit argued that the case had become moot, in large part due to the multi-state settlement. However, on August 19, the Commission issued an order disagreeing with that assessment and returning the case to administrative litigation. Soon after, FTC complaint counsel filed a motion for summary decision seeking entry of a cease-and-desist order without need for a trial.

The merits of this case are interesting – FTC counsel argues that Intuit shouldn’t be able to use the word “free” unless the product is free for everyone or, alternatively, the conditions for making it free (and the fact that it isn’t free for everyone) are clearly disclosed at the outset of the offer. But the dynamics between the FTC and the State AGs are just as notable. In its recent motion, FTC counsel argues that an FTC order is necessary because the State settlement is “inadequate, allow[s] ongoing deception and harm, and … undermine[s] consumer welfare.” In particular, says FTC counsel, the State settlement allows key disclosures to be “hidden behind” a hyperlink for “space-constrained” ads and sunsets key provisions after 10 years. At a time when the FTC is increasingly teaming with the States to obtain monetary relief (post-AMG), this battle over the adequacy of their settlement could get messy.   
Continue Reading FTC Updates – Intuit, Mag-Moss, and More

On August 11, the FTC finally launched its “commercial surveillance and data security” rulemaking after many months of hype and speculation about the FTC’s ability to address consumer privacy through its “Mag-Moss” rulemaking authority. It did so by releasing (by 3/2 vote) an Advanced Notice of Proposed Rulemaking (ANPR) – the first step in a Mag-Moss rulemaking – and holding a press conference featuring Chair Khan, Commissioners Slaughter and Bedoya, and senior FTC staff.

People familiar with the many hurdles in Mag-Moss were watching to see whether the ANPR would be broad and far-reaching (thus guaranteeing a lengthy, complex process) or more narrowly tailored. The answer? The ANPR is remarkably sweeping in scope – covering virtually every form of data collection across the economy, posing 95 questions about factual and legal issues of all kinds, and raising issues that reach beyond the FTC’s legal authority. Indeed, in reading the ANPR, we couldn’t help but wonder whether this is a serious effort to develop a rule or simply a show of activity to address over-hyped expectations. (See more on this topic below.)

Not surprisingly, Commissioners Phillips and Wilson issued strong dissents. Among other things, they raised concerns about agency overreach and the potential to derail the bipartisan privacy bill currently pending in Congress (the ADPPA). Here are more details and takeaways from the FTC’s announcement:
Continue Reading The FTC’s Privacy Rulemaking: Broad and Far-Reaching, but Unlikely to Lead to a Rule Anytime Soon

For those not following every detail regarding the progress of the “three corners” federal privacy bill, here’s a summary of where things stand.

In brief, on June 23, the House E&C Consumer Protection Subcommittee held a markup during which it considered a substitute version of the bill (HR 8152), approved it by voice

On June 14, the House E&C Subcommittee on Consumer Protection and Commerce held a hearing to consider issues and concerns raised by the “three corners” privacy “discussion draft” released to the public June 3. As we blogged last week, the American Data Privacy and Protection Act (ADPPA) is an historic bipartisan compromise among three key committee leaders in the House and Senate (Sen. Wicker and Reps. Pallone and McMorris Rodgers). So far, it lacks the backing of the fourth, Senator Cantwell.

The hearing came together quickly, reflecting the limited time and challenges in this election year to pass a bill of this significance. The 3+ hour event showcased myriad issues and concerns that the witnesses and other stakeholders have raised with respect to the draft. Still, Subcommittee leaders pledged to keep working on the bill and expressed optimism that they might be able to pass comprehensive federal privacy legislation this year. As of this writing, we understand that there will be subcommittee markup next Thursday and a full-committee markup sometime after the July 4th recess.
Continue Reading Readout on House Privacy Hearing: Wide Attendance, Lots of Issues, Full Steam Ahead

On Friday June 3, a bipartisan group of leaders from key House and Senate committees released a new  “discussion draft” bill to establish nationwide standards for consumer privacy. The proposal (the American Data Privacy and Protection Act) builds on prior bills put forth by both Democrats and Republicans, as well as principles and provisions contained in the GDPR and State privacy laws. Of significance, the bill reflects bipartisan compromise on two thorny issues that have divided the parties for years – whether to preempt state privacy laws and/or include a private right of action. While the bill has been hailed as a “breakthrough,” the prospects for passage are uncertain, particularly in this busy election year.

Why is this bill significant? 

As most of our readers know, the US has no overarching federal privacy law – only sector-specific laws such as GLBA and COPPA. This patchy, confusing scheme has become even more complex with passage of the GDPR (which applies to US multinational companies) and five comprehensive State laws. While many federal bills have come and gone over the years, none reflect the high-level bipartisan compromise evident here – both on longstanding privacy concepts (notice, choice, access, security) as well as more specific concerns about discrimination, algorithms, platforms, data brokers, targeted ads, and corporate accountability. If passed, the bill would apply to virtually all companies doing business in the US.

Why is this happening now?

While many observers wish a bipartisan bill had been proposed earlier, the forces driving this bill forward have never been stronger. Passage of State laws is accelerating, the EU is exerting greater influence over privacy worldwide, and the FTC is planning to launch wide-ranging privacy rulemakings. In addition, Senator Wicker, one of the bill’s authors and a longtime leader on privacy, may soon vacate his slot as Commerce’s top Republican, motivating him to cement his legacy now. To cap it all off, while election year is indeed a difficult year to pass a bill like this, it’s also creating pressure to make one last effort on privacy.
Continue Reading New Bipartisan Federal Privacy Bill – Breakthrough, Too Late, or Both?

The replay for our May 19, 2022 Teen Privacy Law Update webinar is available here.

Protecting the privacy and safety of kids and teens online is receiving enormous attention lately from Congress, the States, the FTC, and even the White House.  Further, just last month, BBB National Programs unveiled a Teenage Privacy Program Roadmap

Earlier this week, 50 states and D.C. obtained a $141 million settlement with Intuit related to its advertising of free and freemium TurboTax products. This settlement, which took the form of an Assurance of Voluntary Compliance (a special kind of settlement authorized by many state unfair and deceptive trade practice laws), concluded a three year

There’s a “request for investigation” pending at the FTC that some of our readers might have missed.  The April 12 complaint, filed by Georgetown Law professor Laura Moy on behalf of the Council on American-Islamic Relations, urges the FTC to conduct a wide-ranging investigation of the location data industry.

The complaint focuses in particular on alleged abuses harming the Muslim community, including the government’s purchase of location data from popular Muslim prayer apps to conduct “warrantless surveillance” on Muslim individuals.  According to the complaint, these practices have led to a “sense of constant surveillance” that has chilled Muslims’ practice of religion, freedom of assembly, and use of technology to communicate. The allegations have broader implications, too, as they describe the “unfettered” and “surreptitious” data collection across many contexts by multiple industry actors, including the operating systems, app and SDK developers, data brokers, and participants in digital advertising’s real time bidding (RTB) process.

As I write this blogpost, the complaint does not appear to have been posted on the FTC’s website.  Although the FTC seeks public comment on petitions for rulemaking, this complaint may not fall within that process since it chiefly seeks investigations, citing rulemaking as a “longer term” goal.  (Of course, stakeholders may want to consider providing input to the FTC anyway to assist in its consideration of the issues.)       
Continue Reading Complaint Urges FTC to Investigate the Location Data Industry