Federal Trade Commission

On December 22, the Federal Trade Commission (“FTC”) issued an order setting aside its 2024 final consent order against Rytr, LLC (“Rytr”) on the grounds that the facts alleged in the Rytr complaint did not violate Section 5.  The Commission further found that the Rytr order did not provide any

Continue Reading FTC Sets Aside Rytr Final Order Pursuant to White House AI Action Plan

The Federal Trade Commission (FTC) sent letters to 10 companies—whose identities were not publicly disclosed—on December 22, 2025, warning them about potential violations of the Consumer Reviews Rule. The Rule, which took effect in October 2024, targets deceptive online review and testimonial practices. These warning letters mark the FTC’s first

Continue Reading FTC Issues Warning Letters for Violations of Consumer Reviews Rule

The Federal Trade Commission (FTC) recently announced that it agreed to proposed consent orders with two companies that experienced recent cybersecurity incidents, Illuminate Education (“Illuminate”) and Illusory Systems, which does business as Nomad (“Illusory”), to resolve allegations that both companies’ information security practices had violated Section 5 of the FTC

Continue Reading FTC Announces 10-Year Information Security Consent Orders with Illuminate Education and Illusory Systems

On July 8, 2025, the Eighth Circuit issued a per curiam decision that vacated the FTC’s revised Negative Option Rule in its entirety.  The opinion will become effective when the court issues its mandate, which should happen within seven weeks unless the FTC seeks further review.Continue Reading Eighth Circuit Vacates FTC Negative Option Rule

On March 23, the Federal Trade Commission (“FTC”) announced a notice of proposed rulemaking that would significantly revise the legal framework governing automatically renewing subscriptions.  The proposal would amend the FTC’s existing Negative Option Rule to provide specific disclosure, consent, and cancellation requirements applicable to all negative options in all media.  The Rule would formalize many of the guidelines from the FTC’s October 2021 Enforcement Policy Statement Regarding Negative Option Marketing (“Policy Statement”) and incorporate new requirements not previously addressed at the federal level such as renewal reminders.  Continue Reading FTC Proposes to Rewrite Negative Option Rule with Expansive Notice of Proposed Rulemaking

In February, the Federal Trade Commission (“FTC”) published a blog post that elucidated key security principles from recent FTC data security and privacy orders.  Specifically, the FTC highlighted three practices that the Commission regards as “effectively protect[ing] user data.”  These practices include: (1) offering multi-factor authentication (“MFA”) for consumers and requiring it for employees; (2) requiring that connections within a company’s system be both encrypted and authenticated (e.g., deploying a “zero trust” methodology); and (3) requiring companies to develop data retention schedules.  The FTC noted that while these measures “are not the sum-total of everything the FTC expects from an effective security program, they are a sample of provisions [that the FTC has] seen recently that speak directly to the idea of attacking things at their root cause to produce uniquely effective results.”Continue Reading FTC Publishes Blog Post on Data Security Practices for Complex Systems

On February 1, the Federal Trade Commission (“FTC”) announced its first-ever enforcement action under its Health Breach Notification Rule (“HBNR”) against digital health platform GoodRx Holdings Inc. (“GoodRx”) for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to third-party advertisers.  According to the proposed order, GoodRx will pay a $1.5 million civil penalty and be prohibited from sharing users’ sensitive health data with third-party advertisers in order to resolve the FTC’s complaint. 

This announcement marks the first instance in which the FTC has sought enforcement under the HBNR, which was promulgated in 2009 under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, and comes just sixteen months after the FTC published a policy statement expanding its interpretation of who is subject to the HBNR and what triggers the HBNR’s notification requirement.  Below is a discussion of the complaint and proposed order, as well as key takeaways from the case.Continue Reading FTC Announces First Enforcement Action Under Health Breach Notification Rule

On January 13, the FTC announced a settlement with WealthPress, an online service provider that recommends trades in financial markets.  The settlement resolved allegations that WealthPress violated both the Restore Online Shoppers’ Confidence Act (ROSCA) and Section 5 by making false and misleading claims about how much consumers could earn with the company’s trading recommendation services.  The action is noteworthy for two reasons.  First, building upon the FTC’s prior MoviePass settlement, the FTC’s ROSCA allegations focus not on the terms of the subscription service offered, but rather on the failure to clearly disclose material information about the company’s services.  Second, this is the FTC’s first settlement imposing civil penalties for alleged earnings claims violations predicated upon a Notice of Penalty Offenses issued in October 2021.  The settlement provides for $1.3 million in consumer redress, $500,000 in civil penalties, and injunctive relief.Continue Reading FTC Relies on ROSCA and Notices of Penalty Offenses to Police Deceptive Conduct in Settlement with WealthPress

On November 3, the FTC announced that it entered into a significant $100 million settlement with Vonage to resolve allegations relating to the internet phone service provider’s sales and autorenewal practices. The FTC alleged that Vonage violated both the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA) by failing to provide a simple cancellation mechanism, failing to disclose material transaction terms prior to obtaining consumers’ billing information, and charging consumers without consent.Continue Reading FTC Flexes ROSCA Muscle With $100 Million “Dark Patterns” Settlement with Vonage