Tag Archives: Kirk Nahra

CFPB Issues Request for Information on Data Brokers

by Kirk Nahra, Ali Jessani, and Samuel Kane

Left to Right: Kirk Nahra, Ali Jessani, and Samuel Kane (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)

On Wednesday, March 15, the Consumer Financial Protection Bureau (CFPB) announced an inquiry into data brokers, issuing a “Request for Information Regarding Data Brokers and Other Business Practices Involving the Collection and Sale of Consumer Information.” This request for information (RFI) seeks information about: (1) the data broker market generally, including brokers’ information collection practices, the industry’s effects on consumers, and potential safeguards or controls to regulate data broker activity; and (2) individuals’ experiences in interacting with data brokers. The CFPB intends to use responses to the RFI to inform future rulemaking under the Fair Credit Reporting Act (FCRA). Public comments are due by June 13.

While any issuance by the CFPB of data broker regulations is far from imminent, the CFPB’s RFI is indicative of a growing appetite at both the federal and state levels to bring greater oversight to bear not just on data brokers, specifically, but on commercial uses of personal data more generally — a trend that we have seen on display with recent FTC enforcement actions and rulemaking activities, potential federal privacy legislation, and various state privacy law proposals, to name but a few examples. Continue reading

FTC Continues Enforcement Focus on the Use and Disclosure of Health Information for Advertising

by Kirk J. Nahra, Ali A. Jessani, Arianna Evers, and Samuel Kane

Author photographs

From left to right: Kirk J. Nahra, Ali A. Jessani, Arianna Evers, and Samuel Kane. (Photos courtesy of Wilmer Cutler Pickering Hale & Dorr LLP.)

On Thursday, March 2, the FTC announced an enforcement action against BetterHelp, Inc., an online mental health counseling service, relating to claims that the company’s collection and use of consumer health data were unfair and deceptive acts and practices under Section 5 of the FTC Act. As part of the settlement, BetterHelp will be required to pay $7.8 million, which the FTC will use to provide partial refunds for consumers who enrolled in and paid for BetterHelp services between August 2017 and December 2020. The BetterHelp enforcement decision comes just over a month after the FTC reached a historic settlement order with another company in the healthcare space, GoodRx, for similar alleged violations.

Continue reading

California AG Announces Investigative Sweep of Mobile Applications for CCPA Compliance

by Kirk Nahra, Ali Jessani, and Genesis Ruano

Photos of the authors

From left to right: Kirk Nahra and Ali Jessani

In a press release on January 27, 2023, California Attorney General (“California AG”) Rob Bonta announced an investigative sweep focused on mobile applications’ compliance under the California Consumer Privacy Act (CCPA), particularly with respect to effective processing of opt-out provisions. Attorney General Bonta noted that his office “is working tirelessly to make sure that businesses recognize and process consumers’ opt-out requests,” reaffirming the office’s commitment to enforcement of CCPA opt-out provisions. To date, the California AG has sent investigative letters to businesses in the retail, travel, and food service industries, which control mobile apps that allegedly have failed to comply with the CCPA. 

This press release from the California AG’s office comes at a time when the CCPA has recently been amended (and expanded) by the California Privacy Rights Act (CPRA) and when the California AG shares concurrent enforcement authority over the new law with the newly formed California Privacy Protection Agency (CPPA). The CPPA has been in the process of developing and finalizing rules for the CPRA, and neither the CPPA nor the California AG’s office can enforce the new provisions of the CPRA until July 1, 2023 (and only then for violations that occur after that date). Still, businesses should be aware that the CCPA is still in effect until that time and that the California AG is actively enforcing the law. 

We have summarized key provisions from the press release and outlined potential compliance steps for businesses to consider as part of their CCPA/CPRA compliance programs. We are happy to answer any specific questions you may have. 

Continue reading