InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Minnesota Attorney General settles with tribal company over high interest rates
On February 21, the Minnesota Attorney General announced a settlement with a tribal economic development entity to resolve a 2023 federal lawsuit that alleged the entity’s lending subsidiaries were engaged in predatory lending and illegal interest rates, in violation of Minnesota and federal consumer lending laws. As previously covered by InfoBytes, the complaint claimed that the entity’s lending subsidiaries charged interest rates of up to 800 percent in violation of state statutory caps of eight percent, and led state residents to believe that the entity was exempt from state laws that protect against predatory lending.
Under the terms of the settlement, the entity and its subsidiaries can no longer lend to Minnesota residents nor advertise or market those loans. The settlement also required any loan issued to consumers in Minnesota before the settlement is canceled, except to recover the original principal balance with all past payments to be attributed towards paying down the principal balance.
California Attorney General settles with food delivery company for allegedly violating two state privacy acts
On February 21, the California State Attorney General Office announced its complaint against a food delivery company for allegedly violating the California Consumer Privacy Act of 2018 (CCPA) and the California Online Privacy Protection Act of 2003 (CalOPPA) for failing to provide consumers notice or an opportunity to opt-out of the sale.
The CCPA requires businesses that sell personal information to make specific disclosures and give consumers the right to opt out of the sale. Under the CCPA, a company must disclose a privacy policy and post an “easy-to-find ‘Do Not Sell My Personal Information’ link.” The California AG alleged that the company provided neither notice. The AG also alleged that the company violated CalOPPA by not making required privacy policy disclosures. The company’s existing disclosures indicated that the company could only use customer data to present someone with advertisements, but not give that information to other businesses to use.
The proposed stipulated judgment, if approved by a court, will require the company to pay a $375,000 civil money penalty, and to (i) comply with CCPA and CalOPPA requirements; (ii) review contracts with vendors to evaluate how the company is sharing personal information; and (iii) provide annual reports to the AG on potential sales or sharing personal information.
New York State Attorney General wins $77 million judgment against short-term lenders for predatory lending
On February 8, New York State Attorney General (AG) Letitia James announced a more than $77 million judgment against three merchant cash advance (MCA) companies for usury and fraud based on allegations the lenders used short-term loans to charge illegally high-interest and undisclosed fees.
In a June 2020 announcement, Attorney General James detailed her office’s investigation, which concluded that the companies employed practices including (i) extending MCAs to small business owners at illegal interest rates over short durations; (ii) imposing undisclosed fees; (iii) withdrawing excess amounts from merchants’ bank accounts; and (iv) procuring judgments against merchants through the submission of falsified affidavits in New York State courts.
The judgment follows a September 2023 court decision finding violations of New York’s prohibitions against, among other things, usury and predatory lending, and requiring the companies to cease collections and to repay thousands of small businesses the interest they paid. The companies were ordered to provide the full restitution and damages within 60 days to all merchants who entered into MCAs, including refunding all amounts taken from merchants or their guarantors in connection with the MCAs, minus the principal amounts funded to the borrowers. After the companies failed to pay the damages, the AG sought the entry of the monetary judgment from the court.
Washington State Attorney General wins two suits under medical billing practices
On February 1, the Attorney General from Washington State successfully sued a large healthcare group to pay over $158 million for settlement of funds under the state’s Consumer Protection Act (CPA). The Washington AG stated that the healthcare group violated state law which requires hospital management to notify patients about financial assistance and to screen them for eligibility before trying to collect payment. The healthcare group has been ordered to pay $20.6 million in patient refunds and will forgive $137.2 million in medical debts; it will also pay $4.5 million to cover the attorney general’s costs. Among others, the consent decree includes several injunctions to be engaged in or refrained from for five years, including maintaining charity care policies, and not collecting payment for medical services unless presented with either of two stated stipulations. Lastly, the consent decree states that if the healthcare group violates a condition, it would have to pay up to $125,000 per violation. The defendants do not admit the allegations of the complaints filed in the first lawsuit from February 2022.
Similarly, on February 2 the Washington AG successfully entered into a motion for partial summary judgment against a medical debt collection agency working within the healthcare group for sending 82,729 debt collection notices under the Collection Agency Act (CAA). The court agreed with the AG’s finding that the agency’s debt collection notices failed to make the required disclosures under the CAA. Damages have not yet been awarded.
Connecticut Attorney General reports on Connecticut Data Privacy Act
On February 1, Connecticut’s Attorney General (AG) released a report on the Connecticut Data Privacy Act (CTDPA) including information on the law and how the state enforces it. Enacted in May 2022, the CTDPA is a comprehensive consumer data privacy law which took effect on July 1, 2023. The CTDPA gives consumers in Connecticut a set of rights regarding their personal information and privacy standards for businesses handling such data. Connecticut residents can: (i) see what data companies have on them; (ii) ask for corrections on inaccurate information; (iii) request the deletion of their data; and (iv) choose not to have their personal information used for selling products, targeted advertisements, or profiling. The report noted that within the first six months the CTDPA has been in effect, the AG issued dozens of violations towards a number of information requests. It added that companies generally responded positively to the notices and updated quickly their privacy policies and consumer rights mechanisms. According to the report, while some companies initially went below the CTDPA threshold, they made changes to meet it later while a few went beyond identified areas in the notices by strengthening their disclosures.
The report also mentioned that beginning on January 1, 2025, businesses are required to acknowledge universal opt-out signals, reflecting consumers’ choice to opt out of targeted advertising and the sale of personal data. This mandatory provision was emphasized during Connecticut's legislative process to alleviate the consumer burden, and it has been enacted into law. Finally, the report discusses possible expansions and clarifications to the CTDPA for the legislature to consider.
FCC Chairwoman proposes making all AI-generated robocalls “illegal” to help State Attorneys General
On January 31, FCC Chairwoman, Jessica Rosenworcel, released a statement proposing that the FCC “recognize calls made with AI-generated voices are ‘artificial’ voices under the Telephone Consumer Protection Act (TCPA), which would make voice cloning technology used in common robocalls scams targeting consumers illegal.” Specifically, the FCC’s proposal would make voice cloning technology used in robocall scams illegal, which has been used to impersonate celebrities, political candidates, and even close family members. Chairwoman Rosenworcel stated, “No matter what celebrity or politician you favor… it is possible we could all be a target of these faked calls… That’s why the FCC is taking steps to recognize this emerging technology as illegal… giving our partners at State Attorneys General offices… new tools they can use to crack down on these scams and protect customers.”
This action comes after the FCC released a Notice of Inquiry last month where the FCC received comments from 26 State Attorneys General to understand how the FCC can better protect consumers from AI-generated telemarking, as covered by InfoBytes here. This is not the first time the FCC has targeted robocallers: as previously covered by InfoBytes in October 2023, the FCC proposed an inquiry into how AI is used to create unwanted robocalls and texts; in September 2023, the FCC updated its rules to curb robocalls under the Voice over Internet Protocol, covered here.
California Attorney General investigates streaming services for CCPA violations
On January 26, California State Attorney General Rob Bonta announced an investigative initiative by issuing letters to businesses operating streaming apps and devices, accusing them of non-compliance with the California Consumer Privacy Act (CCPA). The focus of the investigation is the evaluation of streaming services’ adherence to the CCPA's opt-out requirements, in particular those businesses that sell or share consumer personal information. The investigation targets businesses failing to provide a direct mechanism for consumers wishing to prevent the sale of their data.
AG Bonta urged consumers to know about and exercise their rights under the CCPA, emphasizing the right to instruct businesses not to sell their personal information. The CCPA grants California consumers enhanced rights regarding the collection, sharing, and disclosure of their personal information by businesses, and compliance responsibilities include responding to consumer requests and providing necessary notices about privacy practices. AG Bonta noted that the right to opt-out under the CCPA mandates that businesses selling or sharing personal data for targeted advertising must facilitate an easy and minimal-step process for consumers to exercise their right. For example, users should be able to easily navigate their streaming service’s mobile application settings to enable the “Do Not Sell My Personal Information” option. The expectation is that this choice remains effective across various devices if users are logged into their accounts when electing to opt-out. Finally, Bonta added that consumers should be given easy access to a streaming service’s privacy policy outlining their CCPA rights.
Colorado Attorney General fines debt collector $500,000 for collecting on illegal loans
On January 16, the Colorado State Attorney General (AG) reached a settlement agreement with a third-party debt collection company that is ordered to pay $500,000 to the State. The company previously contracted to collect debt from consumers on behalf of unlicensed lending entities associated with Native American tribes, or Tribal Lending Entities (TLEs). According to the settlement agreement, none of the TLEs were licensed Colorado lenders and all of their loan agreements with consumers contained finance charge terms that exceeded the Uniform Consumer Credit Code’s 12 percent finance charge cap on unlicensed lenders—with most having interest rates that exceeded 500 percent APR and some up to 900 percent APR. The AG alleged that, between 2017 and 2022, the company violated the Colorado Fair Debt Collection Practices Act by using “unfair or unconscionable means” to collect on defaulted TLE-issued loans by representing to consumers that the entire loan balance was owed to the TLEs, that the company was legally authorized to collect the payments, and that consumers were legally obligated to pay the full amount. The company denies that its conduct violated any state law and otherwise denies all allegations of wrongdoing. Along with the penalty, the company will be barred from collecting on any debt where the loan’s APR exceeded the 12 percent cap and will provide the State with a list of affected consumers within 30 days.
CFPB, seven State AGs file suit against debt-relief company
On January 19, the CFPB and seven state attorneys general (Colorado, Delaware, Illinois, Minnesota, New York, North Carolina, and Wisconsin) announced a lawsuit against a debt-relief company, its subsidiaries, and its two individual owners (defendants) for allegedly facilitating an unlawful debt relief service. According to the complaint, the company used third parties to solicit consumers with large debts and direct them to contact defendants. The company then, allegedly, advised consumers to enroll in their debt-relief service that will negotiate reduced payoff amounts with consumers’ creditors and represent consumers. Additionally, individual defendants implicated in the action created law firms paired with one of the company’s subsidiaries, which performed little to no work on behalf of consumers, while non-attorney negotiators from the company were tasked with renegotiating a consumer’s debt. The CFPB and the AGs alleged that the company charges fees ($84 million since 2016) before and during the service, that left consumers with additional debt, lower credit scores, lawsuits with creditors, and had none of their original debts settled or reduced.
Among other things, the CFPB claimed the company violated the Telemarketing Sales Rule (TSR) by (i) charging advance fees before a consumer has made at least one payment under a debt settlement plan; (ii) collecting fees after settling some of a consumer’s debts when the fees are not proportional to the amount of debt defendant successfully settled or based on a fixed percentage of the amount saved; and, (iii) supporting its subsidiary law firms that the company knew or knowingly avoided knowing engaged in abusive acts or practices. The complaint sought permanent and preliminary injunctive relief, redress for consumers, and a civil money penalty. On January 11, the court granted the Bureau’s request for a temporary restraining order.
Student loan servicer fined $1.8 million by Massachusetts Attorney General
On January 11, the Massachusetts Attorney General (AG) announced a $1.8 million settlement with a student loan servicer, to resolve allegations that the company did not properly communicate Income-Driven Repayment (IDR) plan renewals to borrowers. According to the settlement, IDR plans are a “helpful tool for managing unaffordable federal student loan debt and avoiding the consequences of default… [and respondent] is required to follow specific procedures intended to ensure that borrowers are able to successfully navigate the enrollment and annual recertification processes required for IDR.” The AG alleged that the respondent violated state law by sending written notices that did not meet regulatory requirements and failed to send required notices.
Under the terms of the settlement, respondent will (i) pay $1.8 million; (ii) include certain disclosures in renewal notice correspondence to borrowers; (iii) comply with requirements for FFELP loans owned by the DOE and enrolled in certain repayment plans; (iv) clearly disclosure to certain borrowers that failure to timely provide certain information about income or family size will result in increased monthly payments; and (v) retain copies of each written communication that it sends to borrowers regarding their IDR plans. The student loan servicer enters into this agreement for settlement purposes only (without admission).