Newsletter May 6, 2026

Wiley Consumer Protection Download (May 6, 2026)

May 6, 2026

Select Federal Enforcement Actions
Select State Enforcement Actions
Select NAD Advertising Challenge Case Decisions
Federal and State Regulatory Announcements
Upcoming Events and Deadlines
More Analysis from Wiley

Welcome to Wiley’s update on recent developments and what’s next in consumer protection enforcement and regulation. We cover developments with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB or the Bureau), and state Attorneys General, as well as self-regulatory advertising challenges decided by BBB National Programs’ National Advertising Division (NAD). Our recent State Consumer Protection Series also provides practical insights into emerging trends and priorities at the state level, including on automatic renewal laws, “junk fees”, and robocalls. Wiley also has an FTC Consumer Protection and Privacy Enforcement Series and Trump Administration Resource Center to provide practical insights into emerging FTC and Executive branch priorities. Please reach out to any of our authors with any questions about recent regulatory or enforcement activity on the federal or state level.

To subscribe to this newsletter, click here.

Select Federal Enforcement Actions

FTC Settlement with Data Broker Prohibits Company from Selling, Sharing, or Disclosing Sensitive Location Data Without Consent. On May 4, the FTC announced a proposed order settling litigation with a data broker and its subsidiary. The FTC filed a complaint against the data broker in 2022, alleging that its collection, use, and disclosure of consumers’ precise location data without their knowledge or consent violated the FTC Act. Specifically, the FTC alleged that the data broker’s collection, use, and disclosure of this information constituted unfair acts or practices because the data at issue revealed consumers’ movements, including visits to health facilities and places of worship. The proposed order prohibits the company from selling, licensing, transferring, sharing, or disclosing sensitive location data in any products or services unless the company has a direct relationship with the consumer related to the sensitive location data, obtains a consumer’s affirmative express consent, and uses the data to provide a service explicitly requested by the consumer. The proposed order also requires the company to implement compliance programs and to submit incident reports to the FTC if the company determines that a third party shared consumers’ precise location data without their consent.

FTC Files Complaint Against MLM Participants Who Allegedly Deceived Workers About Potential Earnings. On April 27, the FTC filed a complaint against two high-level participants in a multilevel marketing (MLM) campaign, alleging that they deceived consumers about the amount of money that they could earn from selling products and recruiting new participants for the company, which sells health and wellness products. According to the complaint, however, the MLM’s own disclosure statements showed that most participants have made little or no money. The complaint seeks a permanent injunction.

Federal District Court Grants FTC Request to Preliminarily Enjoin Alleged Health Insurance Scam. On April 15, the U.S. District Court for the Southern District of Florida granted a preliminary injunction against entities that allegedly impersonated government agencies and large insurance companies to deceive consumers seeking health insurance into purchasing preferred provider organization plans that do not offer the coverage those consumers sought. According to the FTC’s complaint, the alleged scheme operated under several names and targeted insured consumers by claiming they need to maintain or renew coverage. The complaint alleges violations of the FTC Act, the Telemarketing Sales Rule, the Impersonation Rule, and the Gramm-Leach-Bliley Act.

Select State Enforcement Actions

New York DFS Settles with Dental Insurance Company for Alleged Violations of Agency Cybersecurity Regulations. On April 30, the New York Department of Financial Services (DFS) announced a $2.25 million settlement with a dental insurance company over allegations that the company violated the agency’s cybersecurity regulations. According to DFS, an investigation determined that the company’s incident response policies were inadequate, and that this allowed threat actors to exploit vulnerabilities and obtain access to New Yorkers’ personal information. Specifically, DFS determined that the dental insurer did not comply with requirements to implement retention settings, policies, procedures, and controls designed to protect both consumer data and the information systems of financial institutions.

Massachusetts AG Settles with Health Insurance Company for Allegedly Engaging in Unfair and Deceptive Sales Practices. On April 29, the Massachusetts Attorney General (AG) announced a $5 million settlement with a health insurance company for allegedly using deceptive and unfair business practices to sell supplemental health coverage and non-insurance health programs to Massachusetts residents that failed to meet state and federal standards. Specifically, the Massachusetts AG’s investigation concluded that the company deceptively marketed its health insurance plans as comprehensive, even though they did not meet federal or state requirements for comprehensive health insurance coverage.

New York AG Settles with Cryptocurrency Platform Over Allegations That Platform Misled Investors. On April 29, the New York AG announced a settlement with a cryptocurrency platform that allegedly misled investors by promoting a product that promised significant annual interest payments to customers who invested in the product. The platform had promoted the product as a safe and reliable savings opportunity. According to the New York AG, however, the product generated interest through micro-loans to Chinese video game players with low monthly incomes, no credit history, and no access to credit through traditional Chinese financial institutions. The settlement requires the cryptocurrency platform to pay $5 million in restitution to customers who suffered losses. Additionally, the settlement requires the platform to maintain and improve its due diligence policies before partnering or recommending an investment product. Finally, the settlement requires the platform to register as a broker with the New York AG.

Washington AG Sues Large Grocery Store Chains for Allegedly Deceptive “Buy One Get One Free” Deals. On April 27, the Washington state AG filed a complaint against three large grocery store chains, alleging that the stores overcharged Washington consumers in more than three million transactions over a five-year period through allegedly deceptive “buy one get one free” deals. According to the complaint, the stores hiked prices of products eligible for the deals in the weeks or months leading up to the promotion, and allegedly overcharged consumers in the interim. The complaint seeks an injunction and civil penalties for each violation of state law, as well as restitution.

Select NAD Advertising Challenge Case Decisions

NAD Recommends Health Care Company Discontinue Certain Claims about Earwax Product. On April 23, NAD recommended that a health care company modify or discontinue certain performance and comparative superiority claims about its earwax removal product. Although there was sufficient support for the claims that the product was “laboratory-proven,” NAD found insufficient support for the claim that consumers will experience meaningful ear clearing within “one dose” or approximately 15 minutes. NAD also recommended discontinuing the claim that a competitor product has “very little, if any, effect” in eliminating earwax. The company agreed to comply with the recommendations.

NAD Finds Ingredient Content Claims for Dietary Supplement Unsubstantiated. On April 27, NAD recommended that a maker of dietary supplement discontinue or modify claims of “200 mg magnesium per serving.” NAD notes that the supplement contains 200 milligrams of magnesium glycinate, not elemental magnesium, and the claim could mislead a reasonable consumer that the supplement contains 200 milligrams of elemental magnesium. The maker agreed to comply with NAD’s recommendations.

Federal and State Regulatory Announcements

CFPB Issues Final Rule Amending Small Business Lending Provisions of Regulation B. On May 1, the CFPB issued a Final Rule revising certain provisions in Regulation B, Subpart B, which implements the Equal Credit Opportunity Act (ECOA). The Final Rule amends the credit transactions and financial institutions covered by Subpart B, as well as the data points that are included within its scope. Specifically, the Final Rule excludes the following from Subpart B: merchant cash advances, agricultural lending and small dollar loans, and Farm Credit System lenders. It also raises the origination threshold for covered financial institutions from 100 to 1,000 covered credit transactions for each of two consecutive years, adjusts the gross annual revenue threshold in the definition of “small business” from $5 million or less to $1 million or less, and streamlines data collection requirements with respect to business ownership status and demographic data.

CFPB Issues Final Rule Amending Regulation B. On April 22, the CFPB issued a Final Rule amending Regulation B by eliminating use of the disparate impact analysis as grounds for enforcement actions. Federal banking agencies and the U.S. Department of Justice historically undertook enforcement actions based on statistical analyses that provided evidence of lower credit application rates from minority lenders. The Final Rule provides that ECOA does not authorize disparate-impact liability, though the Final Rule makes clear that intentional discrimination remains prohibited.

The Final Rule also narrows the scope of Regulation B’s discouragement provision. Specifically, the Final Rule clarifies that “it prohibits statements of intent to discriminate in violation of ECOA and is not triggered merely by negative consumer impressions.” Additionally, the Final Rule adopts a new provision prohibiting for-profit organizations from offering a Special Purpose Credit Program (SPCP) that uses race, color, national origin, or sex as eligibility criteria. The Final Rule also includes a new provision that consists of a written plan provision, which requires applicants to explain why they need an SPCP and to explain why a class of persons would not be eligible for credit under the organization’s creditworthiness standards.

FTC Data Shows That Consumers Have Lost Billions of Dollars to Social Media Scams. On April 27, the FTC released new data demonstrating that in 2025, almost 30% of people who reported losing money to a scam stated that it started on social media, with reported losses for this group reaching $2.1 billion. According to FTC data, social media scams come in different forms, including investment scams, shopping scams, and romance scams.

Upcoming Events and Deadlines

New York City DCWP Seeks Comment on Proposed Rule Regulating Automatic Renewal Offers. Comments on the New York City Department of Consumer and Worker Protection’s (DCWP) Proposed Rule regulating automatic renewals and continuous service offers are due May 8. DCWP issued the Proposed Rule in response to New York City Executive Order No. 10, entitled “Fighting Subscription Tricks and Traps,” which directs the agency to consider a rulemaking to regulate subscription services. Among other things, the Proposed Rule would require certain disclosures for automatic renewal and continuous service offers, obligate providers to offer cancellation over the same medium that consumers used to sign up for the service, require online cancellation in certain instances, and limit service providers’ ability to offer discounted services or provide additional information in response to a cancellation request.

FTC and DOJ Seek Comment on Premerger Notification and Report Form. On March 25, the FTC and DOJ announced a Joint Request for Public Comment regarding the effectiveness of the Hart-Scott-Rodino Antitrust Improvements Act’s (HSR Act) premerger reporting requirements. Under the HSR Act, parties to certain mergers and acquisitions are required to submit premerger notification forms that disclose certain information about their proposed transactions. The agencies adopted an updated HSR form that took effect in February 2025 but was vacated by a federal district court in February 2026. Accordingly, the FTC and DOJ currently use the original HSR form. The joint request for information seeks input on the effectiveness, implementation, and potential areas for further refinement of an updated form, as well as ways to increase efficiency and reduce the burden for non-problematic transactions. Comments are due May 26.