PRIVACY & DATA SECURITY
CA Child Privacy Law Blocked Again on Constitutional Grounds
A California federal judge has once again blocked enforcement of the California Age-Appropriate Design Code Act, a law aimed at enhancing privacy protections for children online. U.S. District Judge Beth Labson Freeman granted NetChoice LLC’s second motion for a preliminary injunction, citing First Amendment concerns. The law, which was set to be enforced April 5, mandates tech companies to configure default privacy settings to the highest level and avoid using deceptive design features known as dark patterns. Judge Freeman ruled that NetChoice, representing major tech firms like Meta, Google, Amazon, and Netflix, is likely to succeed in its challenge, arguing that the law imposes unconstitutional restrictions on online speech. The judge emphasized that the state’s interest in protecting children does not justify the broad and restrictive measures imposed by the law.
BUSINESSES NEED TO KNOW: This preliminary injunction pauses enforcement for now, but time will tell whether the injunction becomes permanent. In the meantime, other states are joining in the move to enhance children’s privacy protections and businesses need to be cognizant of this changing landscape.
Utah Passes Groundbreaking App Store Age Verification Bill
Utah lawmakers have passed S.B. 142, the App Store Accountability Act, which requires app stores like Apple’s and Google’s to verify users’ ages and block those under 18 from downloading apps or making in-app purchases without parental consent. Passed with overwhelming support in both the state House and Senate, it will be the first law in the U.S. to impose such requirements on app marketplaces. However, the legislation is expected to face legal challenges on First Amendment grounds, similar to previous Utah laws aimed at protecting minors online. Proponents argue the bill protects children from predatory terms and conditions, while opponents claim it infringes on free speech and provides only a false sense of security.
BUSINESSES NEED TO KNOW: On its face, this law would seem to only impact a handful of companies. However, any business that produces apps that could be used by minors could see a reduction in users or in-app purchases, especially if other states follow suit or the app stores apply the verification process universally.
Federal Judge Rules Privacy Statements on Websites Provide Implied Consent
A federal judge has ruled that websites disclosing third-party data collection in visible privacy statements do not violate Pennsylvania’s wiretapping laws. U.S. District Judge William S. Stickman IV dismissed a lawsuit against Harriet Carter Gifts, stating that the privacy statement on its website provided constructive notice to users, including the plaintiff, Ashley Popa. Popa had claimed her data was collected without consent, but the judge found that the privacy statement’s visibility, implemented in a way a “reasonably prudent person” would have noticed, along with Popa’s continued use of the site, implied user consent.
BUSINESSES NEED TO KNOW: Although less often utilized than California’s anti-wiretapping law, Pennsylvania’s anti-wiretapping law has been a source for lawsuits seeking to challenge the collection of information by websites. Businesses should take note that the logic of this decision stems from the visibility of the notice about the collection. To further minimize risk, a business could include disclosure of the collection in a prominent cookie banner or pop-up that a consumer is unlikely to miss.
TCPA & TELESERVICES
Law Firm (Not M&S!) Faces Proposed Class Action for TCPA Violations
An Illinois man has filed a proposed class action lawsuit against Georgia law firm Kaila & Solomon Law Group LLC (Guardian Law) and marketing company ClicTree LLC, alleging violations of the TCPA. Wesley Newman claims he received 41 unsolicited telemarketing calls from ClicTree despite being on the National Do Not Call registry, many featuring prerecorded messages, in an attempt to generate personal injury leads for Guardian Law. After engaging with the callers, Newman was eventually sent a retainer agreement from Guardian Law. Despite requesting to be placed on an internal do-not-call list, he continued to receive calls. The suit asserts that Guardian Law is liable for ClicTree’s actions because it accepted leads generated through the illegal calls and authorized continued contact.
BUSINESSES NEED TO KNOW: Any company utilizing a lead provider – even a law firm – may be held liable for actions taken on their behalf. And that’s pretty risky business when it comes to potential violations of the TCPA. Although this case has yet to play out, if found liable, Guardian could be on the hook for $500 per call per class action member (tripled to $1,500 if the actions are found to be willful or negligent).
Utilities Push FCC to Clarify Consent Rules for Energy-Saving Alerts
The Edison Electric Institute (EEI), representing power utilities, has petitioned the FCC to clarify that utilities can legally call or text customers about participating in demand response programs—which encourage shifting energy use during peak times—without needing prior express consent under the TCPA.
EEI argues these communications are non-marketing, informational messages that help maintain grid stability, reduce outages, and lower customer costs. A 2016 FCC ruling established that providing a phone number to a utility implies consent for some service-related messages, but EEI says further clarity is needed specifically for demand response outreach.
BUSINESSES NEED TO KNOW: Utilities are not alone in seeking clearer guidance on consent requirements. Calls for clarity have been made in other industries involving consumer communications, including healthcare (appointment reminders, health alerts), financial services (account updates, fraud alerts), and retail (order confirmations, delivery updates).
FCC Delays Reasonable Methods Provision of Revocation of Consent Rules
While this happened a few days too late to call it March news, we want to make sure you’re up-to-date on the latest TCPA activity! Read our blog on the FCC’s 1-year delay of the “Reasonable Methods” provision of the new Revocation of Consent rules and what it means for businesses.
ADVERTISING & MARKETING
New York AG Proposes FAIR Business Practices Act to Strengthen Consumer Protections
New York Attorney General Letitia James has introduced the FAIR Business Practices Act, aimed at expanding the state’s consumer protection powers to target not just deceptive but also unfair and abusive business practices. The bill addresses a wide range of consumer harms, including deed theft, AI-driven scams, phishing, junk fees, subscription traps, and unlawful debt collection practices.
New York’s existing legislation only prohibits deceptive business acts and practices, leaving a gap in enforcement. The new legislation would allow James’ office—and consumers themselves—to pursue civil penalties and restitution for unfair or abusive business conduct, aligning New York with 47 other states that already have similar protections.
BUSINESSES NEED TO KNOW: As we saw with the last Trump administration, expect states to ramp up consumer protection legislation –and enforcement – in the face of federal agency rollbacks and perceived gaps. If the FAIR Business Practices Act is enacted, New York regulators in particular will have more tools in their toolbox for going after consumer protection violations.
FTC Stands Firm on “Click-to-Cancel” Rule Amid Legal Pushback
The FTC is defending its “click-to-cancel” rule, which mandates that companies must allow consumers to cancel subscriptions as easily as they can sign up, typically with a single click. Finalized in October 2024 under the Biden administration, the rule specifically targets “negative option” programs where services continue unless actively canceled.
Despite internal opposition and recent political changes, including the ousting of two Democratic commissioners by the Trump administration, the FTC maintains that the rule enforces basic consumer protections like clear disclosure of terms, informed consent for recurring charges, and straightforward cancellation options. The FTC has urged the Eighth Circuit to dismiss a lawsuit challenging the rule, refuting claims that it lacks authority to regulate multiple sectors.
BUSINESSES NEED TO KNOW: It appears that the federal agency rollbacks and shifting of enforcement priorities are not all-inclusive. The Click-to-Cancel rule is set to take full effect in May 2025 and will mark a significant shift in consumer rights related to subscription services. While legal challenges are ongoing, businesses should be taking steps to ensure their subscription cancellation services remain compliant.
Trump Fires Democratic FTC Commissioners, Sparking Legal Backlash
President Trump fired Democratic FTC Commissioners Alvaro Bedoya and Rebecca Kelly Slaughter, leaving two Republicans and no minority party representation on the agency’s five-commissioner bipartisan bench. The former commissioners have filed a lawsuit challenging their removal, arguing that the firings violated the FTC Act and the U.S. Supreme Court’s 1935 decision in Humphrey’s Executor, which limits presidential power to remove FTC commissioners without cause.
The lawsuit contends that Trump dismissed the commissioners without citing misconduct, in breach of the statute that allows removal only for “inefficiency, neglect of duty, or malfeasance.” Slaughter and Bedoya claim the firings threaten the independence of the FTC and set a dangerous precedent for other regulatory bodies like the FTC, Federal Reserve, FDIC, and SEC. Trump has yet to nominate replacements for the Democratic seats, leaving the FTC imbalanced.
BUSINESSES NEED TO KNOW: The legal dispute joins another similar case regarding the firing of two Democratic National Labor Relations Board (NLRB) members and is also likely headed to the Supreme Court, which has signaled interest in revisiting Humphrey’s Executor. However, success for Bedoya and Slaughter may prove elusive. Just this week, the Supreme Court placed an administrative stay on a pair of judicial orders that had been shielding the NLRB members from dismissal, clearing the way for their removal, at least for now. Regardless of the outcome, the Courts’ rulings will have significant implications for executive authority to staff administrative agencies and regulatory bodies.
Learn how we can help keep you in compliance and ahead of the regulatory curve. Let’s Talk.
Want to receive Regulatory Roundups right to your inbox? Subscribe.