CFPB Withdraws Guidance and Proposed Rules on Data Broker, Video Game Payments, and Contract Clauses
On May 15, the CFPB withdrew three Biden-era rulemaking proposals, including a December 2024 proposal to regulate data brokers as consumer reporting agencies under the Fair Credit Reporting Act (FCRA), a January proposal to extend Regulation E to emerging payment systems such as those used in video games and esports betting, and a proposed interpretive rule targeting restrictive and potentially unlawful terms in consumer contracts.
According to the CFPB, the withdrawals stemmed in part from legal concerns raised during the public comment process, including challenges to the statutory basis for the data broker rule under the FCRA. The now-rescinded proposals included the following:
Data broker classification under the FCRA. The data broker classification rule (previously discussed here) would have amended Regulation V to clarify that data brokers selling consumer data such as credit history, income, payment behavior, or personal identifiers, are subject to the FCRA when that data is used for eligibility decisions. The rule aimed to treat certain data sales as “consumer reports,” impose FCRA duties on data brokers operating as consumer reporting agencies, and limit the sale of credit header data to only those with a permissible purpose. It also sought to curb re-identification of de-identified information and restrict use of consumer data for marketing absent clear authorization.
Regulation E protections to emerging payment systems. The proposal (previously discussed here) would have extended Regulation E protections to users of emerging payment tools, such as those used in video gaming system, esports betting and certain virtual currency accounts. The Bureau argued that digital assets like stablecoins fall within the definition of “funds” under the Electronic Fund Transfer Act, and that platforms offering wallet-like services may qualify as “financial institutions.” The rule would have required covered institutions to provide extensive disclosures and imposed liability for unauthorized transfers involving digital assets.
Prohibition of restrictive terms in consumer contracts. The rule (previously discussed here) sought to ban contract clauses that waive consumers’ substantive legal rights, including those that allow unilateral changes to key terms, and those that restrict lawful free expression, such as limitations on public reviews or complaints. The rule would have also codified long-standing provisions of the FTC’s Credit Practices Rule.
Putting It Into Practice: The latest move continues the CFPB’s efforts to pull back from the regulatory priorities of the previous administration (previously discussed here, here, and here). The Bureau has steadily rescinded proposals and guidance issued under the previous administration, signaling a shift toward a narrower, less aggressive regulatory approach (discussed here). As the CFPB scales back, financial institutions can expect other federal agencies and state regulators to continue to pick up their enforcement priorities (previously discussed here, here, and here).
Listen to this post
Generative AI Training May Not Qualify for the Fair Use Defense
Last week, the Copyright Office released the third and final part of its report exploring copyright-related issues posed by artificial intelligence (AI). Unlike the first two parts, the third was released as a “pre-publication” version. It was published less than a day after Dr. Carla Hayden, the Librarian of Congress, was fired by President Trump and a day before Shira Perlmutter, the Register of Copyrights, was fired by President Trump. Building off its earlier parts, the latest publication focuses on how copyright law and the fair use defense should be applied to companies that use copyrighted works to train AI models.
The report concluded that companies presumptively infringe the copyright protections of others when they copy materials to use in training data. Additionally, the report concluded that the numerical parameters of the model can also be infringing when it can reproduce the copyrighted work as a memorized example.
However, the fair use defense permits copying another’s work. Many uses of copyrighted works by an AI model are likely transformative. However, the Office concluded that commercializing copyrighted works in training data to compete with the original works is unlikely to fit the fair use exception. AI models rapidly create new works that imitate a creator’s style. The Office concluded that this market dilution weighs against the fair use argument for generative AI companies.
Recognizing that the copyrighted data is needed in the training data, the report concluded by exploring different licensing frameworks that companies can use to acquire the data. The report does not recommend that the government intervene to establish a licensing regime right away, but that the market should continue to develop.
It is unclear if the Trump administration will rescind the report or issue a final report with changes. However, companies developing AI tools should likely consider the report regardless of the administration’s actions.
CFPB Withdraws Dozens of Guidance Documents as Part of Deregulatory Push
On May 12, the CFPB formally withdrew nearly 70 guidance materials—including policy statements, advisory opinions, circulars, and interpretive rules—through a Federal Register notice issued by Acting Director Russell Vought. The move stems from an internal memo circulated last month to identify guidance that allegedly imposed unlawful compliance burdens or exceeded statutory authority.
According to the notice, the rescinded documents include guidance dating back to 2011 and cover a wide range of topics. The CFPB cited three primary reasons for the withdrawal: reducing unwarranted compliance burdens, minimizing regulatory overlap with other agencies, and eliminating guidance that allegedly exceeded statutory or regulatory requirements.
The withdrawn guidance spans a wide range of substantive areas, including a 2024 interpretive rule applying Regulation Z to buy now, pay later (BNPL) products; a 2020 advisory opinion addressing the Truth in Lending Act’s application to earned wage access products, and a 2024 advisory opinion asserting UDAAP liability for deceptive or unfair medical debt collection practices, among others.
The notice also emphasized that although the withdrawal is effective immediately, it is not necessarily final. The Bureau may reissue select guidance in the future, but only if deemed necessary or reduces, compliance burdens. In the meantime, the CFPB will not enforce or rely on the withdrawn documents.
Putting It Into Practice: The CFPB’s decision to withdraw dozens of guidance documents continues the broader effort to scale back the agency’s regulatory authority. While the CFPB is rescinding this guidance, potential UDAAP violations, EWA practices, and other issues remain subject to enforcement by other federal and state regulators (previously discussed here and here).
Listen to this post
California Employers Beware – New Minimum Wage to be Implemented in Several California Localities
Complying with California’s multiple wage and hour laws is essential to avoid exposure and potential litigation. As many California employers know well, minimum wage is a highly litigated area of the state’s wage and hour law. As such, staying up to date with changes to minimum wage law is critical.
Beginning on July 1, 2025, several California localities are set to increase their minimum wage. Employers in these localities should review and update their policies and practices to comply with the scheduled increases. These localities and increases include the following:
Locality
Prior Minimum Wage
New Minimum Wage
City of Los Angeles
$17.28
$17.87
Los Angeles County unincorporated areas
$17.27
$17.81
City and County of San Francisco
$18.67
$19.18
City of Berkeley
$18.67
$19.18
City of Emeryville
$19.36
$19.90
City of Fremont
$17.30
$17.75
City of Milpitas
$17.70
$18.20
Santa Monica
$17.27
$17.81
West Hollywood – Hotel Employees
$19.61
$20.22
The minimum wage in other California localities, such as Alameda County, is also set to increase on July 1, 2025. However, the new minimum wage has not been posted.
CFPB Director Nominee to Move to Treasury Finance Role
On May 9, the U.S. Department of the Treasury announced that President Trump intends to nominate Jonathan McKernan to serve as the Undersecretary of Domestic Finance. McKernan had been awaiting Senate confirmation to lead the CFPB, but the White House confirmed his nomination will be rescinded as the administration continues to pursue structural change to the Bureau.
As Undersecretary of Domestic Finance, McKernan would oversee federal fiscal policy, manage public debt, and coordinate regulatory initiatives involving financial institutions and markets. His reassignment leaves acting CFPB Director Russell Vought in charge of the Bureau until a new nominee is named.
Putting It Into Practice: McKernan’s reassignment leaves a big question mark on the Bureau’s future. While the Trump administration look to bring forth a new nominee? Or will Vought remain as Acting Director until its fate is decided by the courts. We will continue to monitor the situation for further developments.
Listen to this post
EPA Announces Plan to Scale Back and Extend Compliance Deadlines for Federal Drinking Water Regulations on PFAS
On May 14, 2025, less than three weeks after the U.S. Environmental Protection Agency (EPA) released its strategy to address per and polyfluoroalkyl substances (PFAS), the EPA announced its intent to retain the existing drinking water standards for the two most common PFAS (perfluorooctanoic acid (PFOA) and perfluorooctane (PFOS)). At the same time, EPA stated it would rescind and “reconsider” the regulation of the four other PFAS compounds included in the previous rule (perfluorononanoic acid (PFNA), hexafluoropropylene oxide dimer acid and its ammonium salt (HFPO-DA, commonly known as GenX chemicals), perfluorohexane sulfonic acid (PFHxS) and perfluorobutane sulfonic acid (PFBS)). For more information on the prior rule, see our April 2024 Alert, available here and for more information on EPA’s strategy to address PFAS, see our April 2025 Alert, available here.
In addition to limiting the number of PFAS compounds subject to regulation under the Safe Drinking Water Act, EPA stated it would extend compliance deadlines for PFOA and PFOS from 2029 to 2031, create a framework for federal exemptions for passive receivers of PFAS (consistent with its goal to “hold polluters accountable”), and establish a new “PFAS OUTreach Initiative” (PFAS OUT). According to EPA Administrator Lee Zeldin, with its particular emphasis on water systems in rural and small communities, PFAS OUT will “connect with every public water utility known to need capital improvements to address PFAS in their systems” by sharing resources, tools, funding, and technical assistance to help utilities meet the federal drinking water standards.
OMB Approves Proposed 2024 EEO-1 Instruction Booklet—Filing Site Expected to Open Soon
On May 12, 2025, the Office of Management and Budget (OMB) approved the 2024 EEO-1 Instruction Booklet submitted by the U.S. Equal Employment Opportunity Commission (EEOC) without changes. The now approved 2024 EEO-1 Component 1 Data Collection Instruction Booklet eliminates the option to report non-binary employees, stating that the reporting provides “only binary options (i.e., male or female) for reporting employee counts.” It also sets a shortened reporting period stating that the filing platform will open on May 20, 2025, and close on June 24, 2025.
Quick Hits
The OMP approved the EEOC’s proposed 2024 instruction booklet on EEO-1 data collection on May 12, 2025.
The approved 2024 instruction booklet states that the data collection period will open on May 20, 2025, and close at 11:00 p.m. (EDT) on June 24, 2025.
The approved 2024 instruction booklet removes the option to provide information about non-binary employees.
While the EEOC has not yet posted updates on the EEO-1 landing page, it is expected that the agency will promptly open the 2024 EEO-1 filing platform. While it is not clear if the platform will open on May 20, 2025, it is expected that once the EEOC opens the platform, it will set a filing period of five weeks. Due to the expected opening of the filing platform and the shortened filing period, EEO-1 filers may want to consider working now toward gathering the data necessary for the filings.
President Trump Signs Resolution Nullifying CFPB Overdraft Fee Rule
On May 9, President Trump signed a Congressional Review Act resolution repealing the CFPB’s final rule restricting overdraft fees at large financial institutions. The rule, originally finalized under the Biden administration, would have imposed new limits on overdraft fees charged by banks with over $10 billion in assets.
The repealed rule, which was set to take effect on October 1, 2025, would have capped overdraft fees at $5 unless banks could demonstrate actual cost justification or treat overdraft coverage as a credit product under the Truth in Lending Act.
Putting It Into Practice: The CFPB’s overdraft rule is now void, and the Bureau is barred from issuing a substantially similar regulation in the future under the Congressional Review Act. While large depository institutions are no longer subject to federal overdraft fee caps, they should remain attentive to state-level regulatory activity concerning fees.
Listen to this post
Missouri Legislature Passes Bill to Repeal Earned Paid Sick Time Law
On May 14, 2025, the Missouri General Assembly passed House Bill (HB) 567, which would repeal the Missouri paid sick time statute and eliminate Missouri employers’ obligation to provide earned paid sick time to all Missouri employees.
Quick Hits
The Missouri paid sick time statute requires Missouri employers to provide earned paid sick time, starting May 1, 2025.
On May 14, 2025, the Missouri General Assembly passed HB-567, which would repeal the paid sick time statute. If signed by the governor, the law will be repealed effective August 28, 2025.
Proposition A, which Missouri voters passed via a ballot measure on November 5, 2024, includes a provision that raises the state’s minimum wage as of January 1, 2025, and requires employers to begin providing earned paid sick time (PST) on May 1, 2025. In addition to repealing the state paid sick time law, HB-567 would amend the minimum wage statute.
The Missouri Paid Sick Time Law
Under the current paid sick time law, most Missouri employers must provide earned paid sick time to employees working in Missouri starting May 1, 2025. The law exempts employers that are federal, state, or local governments or political subdivisions of the state. The statute also excludes some categories of workers, such as volunteers, camp counselors, babysitters, golf caddies, some rail carrier employees, and retail employees of businesses with annual gross volume sales of less than $500,000. The law does not apply to employees covered by a collective bargaining agreement (CBA) that was in effect on November 5, 2024, until the CBA is amended, extended, or renewed.
The current PST law allows Missouri employees to:
earn one hour of earned paid sick time for every thirty hours worked;
use PST for an employee’s own illness or medical reasons, illness/medical reasons of an immediate family member, closure of the employer’s business or the employee’s child’s school, and absences due to sexual assault or domestic violence;
use PST in increments of one hour;
use up to fifty-six hours of PST for covered reasons;
carry over up to eighty hours of unused PST at year-end; and
use PST without discipline or retaliation for covered use.
Repealing the Missouri PST Statute
HB-567 passed without an emergency clause because the emergency clause was defeated in the Missouri House of Representatives when it did not receive the requisite two-thirds approval before moving to the Senate. The emergency clause would have allowed the repeal to become effective immediately upon signature by the governor. The bill would take effect on August 28, 2025.
If the bill is signed into law, there will be a seventeen-week period from May 1, 2025, to August 28, 2025, during which Missouri employers must comply with the current PST law. Many employers may want to implement a temporary policy to cover the period when the PST law is still in effect. For employers that have a paid-time-off (PTO) policy that meets all the requirements of the statute, no additional PTO policy is necessary.
Key Takeaways
Missouri employers must provide earned paid sick time to eligible Missouri employees while the law is in effect. If the governor signs HB-567, employers may want to implement a short-term policy to provide the required PST benefits from May 1, 2025, to August 28, 2025. Additionally, employers may want to consider how to use an existing PTO policy for short-term compliance and address what will happen to earned PST upon repeal of the law.
FTC Issues FAQs on ‘Junk Fees’ Rule
The Federal Trade Commission’s Rule on Unfair or Deceptive Fees, sometimes called the “Junk Fees Rule,” took effect on May 12, 2025. In advance of that effective date, the FTC published Frequently Asked Questions (FAQs) to provide guidance to consumers and businesses regarding the Rule.
In a press release announcing the FAQs, the FTC reiterated that the Rule “prohibits bait-and-switch pricing and other tactics used to hide total prices and mislead people about fees in the live-event ticketing and short-term lodging industries,” and also said that the Rule “furthers President Trump’s Executive Order on Combating Unfair Practices in the Live Entertainment Market by ensuring price transparency at all stages of the live-event ticket-purchase process, including the secondary ticketing market.”
The reference to Trump’s executive order indicates that while the Biden administration started the war on so-called junk fees, the Trump administration will continue it, though potentially with a more restrained strategy.
The FAQs
The FAQs represent the FTC “staff’s views” on the Rule and its requirements. While those views are not binding on the Commission, every business subject to the Rule—or to any unfair or deceptive acts or practices (UDAP) standard—should review the FAQs, which provide insight into how the FTC and other consumer protection agencies are may view fees and fee disclosures. This GT Alert summarizes several of the key points FTC staff made in the FAQs.
What Businesses Does the Rule Cover?
The FAQs explain that businesses selling live-event tickets and short-term lodging are covered by the Rule, and that the Rule covers both individual (B2C) and business (B2B) transactions.
What Are the Rule’s Basic Requirements?
The FAQs explain that the Rule requires businesses to disclose the “total price,” which includes “all charges or fees the business knows about and can calculate upfront, including charges or fees for mandatory goods or services people have to buy as part of the same transaction,” but not taxes or other government charges, shipping charges, or charges for optional goods or services that may be purchased as part of the same transaction.
The FAQs explain that the total-price disclosure must be upfront and more prominently displayed than other price information (except the final amount of payment, as described below) and that excluded charges must be disclosed before the business asks for payment.
The FAQs explain that businesses “must tell the truth about information it’s required to disclose, like how much it’s charging and why” and avoid vague phrases like “convenience fees,” “service fees,” or “processing fees.”
Which Mandatory Fees or Charges Must Be Included in a Business’s Displayed Total Price?
The FAQs explain that businesses must include in the total price “all fees or charges” (other than government charges and shipping charges) that:
people are required to pay, “no matter what”;
people cannot reasonably avoid (the FAQs provide as an example credit card processing charges where there is no other viable payment option);
people are charged for ancillary goods or services that must be purchased “to make the underlying good or service fit for its intended purpose, which reasonable consumers would expect to be part of the purchase”; or
people cannot “effectively agree to because the business employs practices such as default billing, pre-checked boxes, or opt-out provisions.”
Can a Business Itemize Mandatory Fees or Charges?
The FAQs explain that businesses can itemize mandatory fees or charges so long as the itemization does “not overshadow the total price,” is truthful, and does not mispresent fees.
Which Fees or Charges Can Businesses Exclude from the Total Price?
The FAQs explain that businesses may only exclude “government charges, shipping charges, and fees or charges for optional ancillary goods or services that people choose to add to the transaction.” But the FAQs also explain that any excluded fees must be disclosed in the final payment amount that must be presented before the consumer is asked to pay, along with “the nature, purpose and amount of the [excluded] fee or charge” and “the good or service for which the [excluded] fee or charge is imposed.” When Must a Business Disclose the Final Amount of Payment, Including Fees or Charges It Excluded from the Total Price?
The FAQs explain that businesses must clearly, conspicuously, and prominently disclose the final amount of payment—that is, the total price plus any charges excluded from the total price—“before asking people to pay.” The final amount of payment must be disclosed “as prominently as, or more prominently than,” the total price.
Can Businesses Charge Credit Card Surcharges and Other Payment Processing Fees and, if So, Can They Exclude Such Fees from the Total Price?
The FAQs explain that businesses may “charge or pass through credit card or other payment processing fees if otherwise permitted by law,” but that, if a business that “requires people to pay with a credit card, the credit card fee is mandatory and must be included in the total price.”
What Happens if a Business Violates the Rule?
The FAQs explain that businesses that violate the Rule “could be ordered to bring their practices into compliance, refunds money back to consumers, and pay civil penalties.”
Takeaways
State and federal consumer protection agencies remain focused on so-called “junk fees,” with new investigations opening at a regular clip. Given that focus, businesses should watch for “junk-fee” related developments at both the state and federal levels and fine-tune their compliance programs in light of those developments.
We have provided ongoing analysis and commentary regarding junk-fee-related developments, including the developments addressed in our prior client alerts and blog posts:
FTC Alleges Fintech Cleo AI Deceived Consumers (March 31, 2025)
FTC Alleges Fintech Dave, Inc. Deceived Consumers (Nov. 15, 2024)
FTC Targets Adobe for Hidden Fees and Deceptive Subscriptions (July 9, 2024)
CFPB Launches Public Inquiry into Rising Mortgage Closing Costs and ‘Junk Fees’ (June 4, 2024)
FTC Takes Action Against Doxo, Citing Junk Fees (June 3, 2024)
California AG Publishes FAQs on California’s ‘Junk Fee’ Law (May 30, 2024)
CFPB Releases Report Highlighting Junk Fees on Mortgage Servicing (March 23, 2024)
CFPB Unveils Final Rule Banning ‘Excessive’ Credit Card Late Fees (Mar. 13, 2024)
CFPB Issues Proposed Rule to Stop ‘Junk Fees’ on Bank Accounts (Feb. 1. 2024)
California Bans Hidden Fees, Effective July 1, 2024 (Oct. 17, 2023)
FTC Proposed Rule Targeting ‘Junk Fees’ (Oct. 16, 2023)
CFPB Issues Advisory Opinion on ‘Illegal Junk Fees’ By Large Financial Firms (Oct. 12, 2023)
The State of Employment Law: Eight States Require Final Pay on the Termination Date
It’s time to terminate an employee. Perhaps they were a consistently poor performer, and you have known for months that this day would come. Or perhaps an employee committed gross misconduct today and the need for termination is sudden and unexpected. Either way, are you prepared to pay your terminated employee their final paycheck right away? In eight states, you need to be.
Most states allow employers a reasonable time to pay a terminated employee their final wages. The next regularly-scheduled payday is a common deadline, but even less-patient states tend to give employers at least several days to pay final wages. But California, Colorado, Hawaii, Massachusetts, Minnesota, Missouri, Montana, and Nevada all require employers to pay final wages to an employee on the date of their termination.
There are a few caveats to this rule. In Colorado and Hawaii, if an employer’s payroll unit is not operational on the termination date or there is some other circumstance that makes immediate payment impossible, the employer may have until the following business day to pay. In Massachusetts, employers in Boston may wait to pay until payrolls, bills, and accounts are certified. Otherwise, employers in these states need to be prepared to pay final wages on the termination date without exception.
This can put employers in a logistical bind. What do you do, for example, if an employee punches a coworker at 4:55 before you close for the day at 5:00 and your payroll staff is already gone for the day? In situations like this, you may need to wait until the following day to terminate your fighting employee.
OCC Confirms Banks Authority to Offer Crypto Custody and Execution Services
On May 7, the OCC issued Interpretive Letter 1184, reaffirming that national banks and federal savings associations may provide cryptocurrency custody and execution services, including through sub-custodians. The OCC confirmed that these activities are permissible under existing banking authority so long as banks comply with applicable law and engage in safe and sound practices.
The letter builds upon earlier OCC guidance, including Interpretive Letters 1170 and 1183. Specifically, the OCC clarified the following:
Execution of crypto trades at customer direction is permissible. Banks may buy and sell crypto-assets held in custody or on behalf of customers, so long as the transactions are executed at the customer’s direction and in accordance with the customer agreement.
Outsourcing to third parties is allowed with appropriate oversight. Banks may engage sub-custodians and outsource custody or execution functions, provided they maintain robust third-party oversight practices and ensure proper internal controls are in place.
Crypto custody remains a modern extension of traditional bank custodial services. The OCC reiterated its position that holding crypto-assets is functionally similar to traditional custody services, which fall within banks’ statutory authority.
Fiduciary activities must follow applicable regulations. When acting in a fiduciary capacity, national banks must comply with 12 C.F.R. Part 9 or Part 150 for federal savings associations, including rules on the custody and control of fiduciary assets.
Putting It Into Practice: The OCC’s latest guidance offers banks further regulatory clarity in connection with crypto-related services (previously discussed here and here). Banks considering entry into the digital asset space should track these regulatory shifts closely and ensure their compliance, risk management, and third-party oversight frameworks are equipped to support crypto operations.