EPA Releases New MyPest Tracking System
On January 17, 2025, the U.S. Environmental Protection Agency (EPA) released its new MyPest tracking system to provide transparency and visibility into the real-time status of pesticide submissions. MyPest is a web-based system that tracks a registrant’s pesticide applications and products after submission via EPA’s Central Data Exchange (CDX). MyPest allows users to view and communicate with the Office of Pesticide Programs (OPP) regarding their pesticide products and pending applications.
Pursuant to the requirements in the Pesticide Registration Improvement Act of 2022 (PRIA 5), MyPest seeks to provide accurate, up-to-date information about pesticide applications that are with EPA’s OPP for review.
The MyPest application is available at https://oppt.my.site.com/mypestapp/s/.
EPA provides a user guide with instructions for using the MyPest application for specific functions based on the four available roles, including:
Company Admin (CA)
Every registrant company must have at least one user designated as the CA.
This the highest level in the hierarchy of user roles and gives the user the most access and control of any role in the company.
CAs can view the status of all current projects and can access product history to view information about previously submitted projects.
CAs are the only users allowed to invite new users, approve or deny new user requests, and revoke the access of a user.
A company can have multiple CAs, however, only the first CA for a company is approved directly by EPA. No other role can be assigned to a company before the first CA is approved by EPA. After the first CA is approved, that person will approve all other roles, including additional CA roles.
CAs can be assigned to multiple companies.
Company Representative (CR)
A company can have multiple CRs.
CRs have access to all user submissions on behalf of the company.
CRs can be assigned to multiple companies.
Consultant
A company can have multiple Consultants.
Consultants only have access to view the projects that they are currently working on or have worked on in the past.
By default, Consultants only have access to view information at the case level but can request to view the information at the product level. The Consultant’s cases are assigned by the CAs.
Contributor
Contributors are assigned for a specific purpose and for a limited time.
All information submitted by the Contributor is marked as “Confidential” but can be toggled on and off.
Any information marked as “Confidential” only can be viewed by the Contributor.
The CA assigns cases to the Contributor upon role request approval.
All MyPest roles are established per EPA Company Number. If a company has multiple Company Numbers, then a CA will need to be set up for each unique EPA Company Number.
The company CA first must request the CA role in MyPest. EPA approves only the first CA per EPA Company Number, as the CA then will approve future role requests.
UK ICO Publishes its 2025 Strategy for Online Tracking
On January 23, 2025, the UK Information Commissioner’s Office (“ICO”) published its new online tracking strategy for 2025 (the “Strategy”) which sets out how it intends to achieve its “vision” of “a fair and transparent online world where people are given meaningful control over how they are tracked online.” Through the Strategy, the ICO seeks to ensure that, amongst other things, individuals can operate online with trust and confidence and meaningfully control how their data is used, and organizations are not disadvantaged by following the rules and improving their approach to online tracking to ensure it is compliant.
The ICO has identified the following four areas where individuals are not being given sufficient control of their data as provided by data protection law:
Deceptive or absent choice: Individuals are often not presented with an adequate choice regarding the use of non-essential cookies and similar tracking technologies.
Uninformed choice: When individuals are presented with the option to provide consent, there are instances where organizations do not provide adequate information with respect to the purposes being consented to.
Undermined choice: When organizations appear to be transparent about their processing, there are instances when the processing activities performed do not align with the description of the processing.
Irrevocable choice: When individuals are presented with a clear and transparent option to provide consent, there are instances where there is no meaningful way to withdraw consent provided.
In the Strategy, the ICO explains how it proposes to take action on these issues, specifically by:
Encouraging publishers to deploy more privacy-preserving advertising that does not involve extensive profiling of individuals based on their online activity, habits and behavior potentially across different services and devices. In doing so, the ICO intends to revisit the requirements of the Privacy and Electronic Communications Regulations and to work with UK government to explore where amendments could be made.
Building on the ICO’s work in 2024 regarding cookies, the ICO now intends to focus on bringing the UK’s top 1,000 websites into compliance with regards to non-compliant cookie usage (see previous blog on the topic).
Ensuring that non-compliant online tracking does not take place on apps and Internet-connected TVs.
Publishing guidance on ‘consent or pay models’ (also published on January 23, 2025) which seeks to clarify how publishers can deploy these models to give individuals meaningful control over online tracking while supporting their economic viability.
Providing industry with clarity on requirements of data protection law. This includes, for example, publishing the final guidance on storage and access technologies (formerly known as the “cookie guidance”).
Investigating potential non-compliance by data management platforms that connect online advertisers and publishers.
Supporting the public in taking control of online tracking by publishing guidance on how individuals can understand and control the use of their information online, and raise awareness of their rights.
Read the ICO statement on the Strategy.
Here It Is!!! Deserve to Win (Ep. 30)– Breaking Down the Biggest Day in TCPAWorld History [Video]
So last Friday was the biggest day in TCPAWorld history so far with the massive one-two punch of the FCC staying the new TCPA one-to-one rule literally just minutes before the Eleventh Circuit Court of Appeals vacated the ruling altogether.
All of this minutes before the close of business the business night before the rule was set to go into effect today!
My goodness.
It was high drama throughout the night, however, with the CEO of a publicly traded company then specifically questioning REACH’s efforts in his own ill-advised attempt to take credit for the rulings. Just magnificent stuff.
TCPAWorld readership has been off the charts all weekend, and now you can enjoy Troutman Amin, LLP’s official analysis and reactions to all of these developments and–most importantly–its breakdown of the decision in IMC v. FCC and what happens next.
Watch the podcast now to hear the Czar, Queenie and the Countess discuss:
The lead up to the ruling and the last-minute efforts to stay the case;
The incredible last-minute stay issued by the FCC;
Lending Tree’s insane effort to take credit for the stay and claim of a supposed secret deal; and most importantly
The ruling of the Eleventh Circuit Court of Appeals striking down one-to-one consent:
What does this mean for lead generation?
What was the basis for the court’s ruling?
What happens next for compliance efforts?
This really is the most important podcast episode we have put out and it is yours FREE to watch (and re-watch) RIGHT NOW!!!:
New IRS Regulations Address Cross-Border Cloud Computing and Digital Infrastructure Transactions
Go-To Guide:
IRS issues final regulations classifying cross-border cloud transaction income as service income, including for purposes of sourcing such income for U.S. federal tax purposes.
Proposed regulations introduce a three-factor test for sourcing cloud transaction income based on location of intangible property, personnel, and tangible assets.
In light of the new rules, U.S. and non-U.S. businesses engaging in cross-border cloud computing and digital infrastructure transactions should carefully consider the location of their personnel, intangible property (including R&D activity), and tangible property that contribute to the generation of income from such transactions to optimize their tax planning and tax efficiency.
Proposed regulations also include anti-abuse provisions that seek to prevent artificial reduction of U.S. federal income tax liability in a manner inconsistent with the regulations’ purpose.
Final regulations refine definitions of cloud transactions and digital content transactions, replacing de minimis rule with predominant character test.
On Jan. 10, 2025, the IRS released two sets of regulations under Section 861 of the Internal Revenue Code. The Final Regulations treat income from cloud transactions as income from services and clarify definitions of cloud transactions and digital content transactions for U.S. federal income tax purposes. The Proposed Regulations provide a mathematical formula to determine the source of income from cloud transactions, based on the location of the taxpayer’s employees and assets (both tangible and intangible).
The Final Regulations took effect Jan. 14, 2025. The Proposed Regulations will not become effective until the IRS adopts final rules.
Impact on US and Non-US Businesses
The new regulations impact businesses across all industries, due to the widespread use of digital and cloud-based transactions. As mentioned in our August 2019 GT Alert, before the Proposed Regulations, the rule for sourcing income in connection with cloud transactions for U.S. federal tax purposes was unclear, and sourcing of such income was determined under the general rules under Section 861 and Section 862 of the Internal Revenue Code.
As discussed in more detail below, the Final Regulations and Proposed Regulations provide welcome guidance on how to analyze whether and what portion of income derived by non-U.S. businesses from providing on-demand network access (cloud transactions) in the United States would be sourced to the United States for U.S. federal income tax purposes, and would therefore generally be subject to U.S. tax.
This guidance is also relevant to U.S. businesses engaging in cloud transactions outside the United States because the sourcing of their income from such transactions would affect their ability to claim foreign tax credits in the United States for foreign income taxes imposed on such income.
Under the Proposed Regulations, if finalized as proposed, income from cloud transactions would be considered U.S.-sourced (and would therefore generally be subject to U.S. tax) to the extent that the non-U.S. business’ personnel, intangible property, and tangible property contributing to the generation of such income are located or performed within the United States. Factors such as the customers or executing agreements’ locations would not be relevant for purposes of such determination.
In light of the new final and proposed regulations, U.S. and non-U.S. businesses engaging in cross-border cloud computing and digital infrastructure transactions should carefully consider the location of their personnel, intangible property (including R&D activity), and tangible property that contribute to the income generation from such transactions to optimize their tax planning and tax efficiency.
Cloud Transactions as Service Income
The Final Regulations define a cloud transaction as “a transaction through which a person obtains on-demand network access to computer hardware, digital content, or other similar sources” and classify income from cloud transactions solely as income from the provision of services for U.S. federal income tax purposes. This differs from the 2019 Proposed Regulations, which classified income from cloud transactions either as income from the provision of services or from the lease of property based on nine factors enumerated in those regulations.
Proposed Three Factor Sourcing Test
For purposes of sourcing income from cloud transactions between U.S. source income and non-U.S. source income for U.S. federal income tax purposes, the Proposed Regulations follow the general sourcing rule that applies to service income, i.e., sourcing based on where the services are performed.
Under the Proposed Regulations, to determine the source of income, the location of the cloud services generating the cloud transaction income would be determined based on the location of the following three factors, to the extent they contribute to generating that income:
1.
Intangible property: The intangible property factor reflects the contribution of intangible assets, such as software, algorithms, and research, to the performance of cloud services. It includes research and experimentation expenses, royalties, and amortization for intangible assets used in the service. This factor is sourced based on the location of employees involved in research and experimentation related to the cloud transaction, and expenses are allocated among transactions based on their relative income. The IRS aims to use practical proxies like compensation and research expenditures to avoid complexities in tracing intangible property’s direct contribution.
2.
Personnel: The personnel factor accounts for the contribution of employees who directly engage in providing cloud services, such as technical staff and immediate managers overseeing operations. It excludes those in strategic, sales, or administrative roles. Compensation for these employees is allocated based on the time they spend working on cloud transactions. The portion of this factor attributed to U.S. sources is determined by the location of the employees performing these activities, ensuring that only those directly involved are included in the calculation.
3.
Tangible Property: The tangible property factor includes the value of physical assets, like servers and networking equipment, used in cloud transactions. It is calculated by including depreciation and rental expenses for property directly supporting the service. The U.S. portion of this factor is based on the location of the tangible property. Depreciation is computed without considering accelerated tax deductions, reflecting the true economic life of the property used in providing the cloud service.
The Proposed Regulations outline a formula to determine the U.S.-sourced portion of gross income from cloud transactions. This formula involves multiplying the gross income by a fraction. The denominator of this fraction is the sum of the three factors (intangible property, personnel, and tangible property), regardless of their location. The numerator is the sum of the portions of these factors that are located or performed within the United States.
A taxpayer is allowed to aggregate substantially similar cloud transactions and source the gross income from those transactions as if they were one transaction, but prohibits aggregation if it materially distorts the source of income. However, the Proposed Regulations’ sourcing rule would apply on a taxpayer-by-taxpayer basis. Therefore, when calculating the gross income of an entity that provides cloud services, only the assets and personnel of that entity are considered.
The Proposed Regulations also include a general anti-abuse provision, under which if the taxpayer has entered into or structured one or more transactions with a principal purpose of reducing its U.S. tax liability in a manner inconsistent with the regulations’ purpose, the IRS would adjust the source of the taxpayer’s gross income to reflect the location where the cloud transactions is performed.
The Proposed Regulations are not final Treasury regulations and, in the absence of an actual reliance provision within them, taxpayers cannot rely upon them. Nonetheless, they provide guidance and insight into the IRS’s directional thinking regarding sourcing income from transactions involving cloud computing and digital infrastructure. Further, income from cloud transactions characterized as services income may be re-sourced under the provisions of an income tax treaty if the taxpayer qualifies for the treaty’s benefits. This re-sourcing could be particularly significant for foreign tax credits, offering additional considerations for cross-border tax planning.
Digital Content Transactions
The Final Regulations define a digital content transaction as a transaction that constitutes a transfer of digital content or the provision of modification or development services or of know-how with respect to digital content. The definition of digital content remains unchanged but is refined to include “content that is not protected by copyright law solely because the creator dedicated the content to the public domain.” The Final Regulations replace the de minimis rule with a predominant character rule for characterizing transactions with multiple elements. The “predominant character” is determined by the primary benefit of value received by the customer, and the rule would apply to both digital content transactions and cloud transactions.
Connie Keng also contributed to this article.
Is the Future of Digital Assets in the United States Bright Again?
Yes, indeed! What Brad Garlinghouse of Ripple Labs called “Gensler’s reign of terror” ended with Securities and Exchange Commission (SEC) Chair Gary Gensler’s resignation upon President Donald Trump’s inauguration. Paul Atkins, who has co-chaired the Token Alliance, spoke of the need for a “change of course” at the SEC and will be given charge of the SEC when he is confirmed as its new Chairman.
While the greatest deliberative body takes time to exercise its constitutional role of advice and consent, President Trump and Acting SEC Chairman Mark Uyeda are moving ahead at lightning speed, each taking action in the first week of the new administration. The long-awaited paradigm shift in regulation for digital assets is here and the market likes what it sees, with Bitcoin now trading near an all-time high and the total market capitalization of digital assets topping the US$3 trillion mark. Projects are once again being funded in—and development teams are returning to—the United States.
The day after his inauguration, President Trump signed an Executive Order, Strengthening American Leadership in Digital Finance Technology, aiming to “support the responsible growth and use of digital assets, blockchain technology, and related technologies across all sectors of the economy.” This comes on the heels of a newly announced Crypto Task Force at the SEC, dedicated to developing a comprehensive and clear regulatory framework for digital assets, including “crypto” assets.
The Executive Order
In his Executive Order, President Trump points to the crucial role that the digital assets industry plays in the innovation and economic development of the United States, declaring it to be the policy of his administration to:
Protect and promote public blockchain networks, mining and validating, and self-custody of digital assets.
Protect and promote the U.S. dollar by promoting stablecoins worldwide.
Provide regulatory clarity and certainty built on technology-neutral regulations, including well-defined jurisdictional regulatory boundaries.
President Trump’s 2025 Executive Order revokes former President Biden’s 2022 Executive Order regarding crypto assets and orders the Secretary of the Treasury to likewise revoke all prior inconsistent Treasury policies.
Most significantly, the Executive Order establishes the “President’s Working Group of Digital Asset Markets” to be chaired by the “Special Advisor for AI and Crypto,” Silicon Valley venture capitalist David Sacks, who is sometimes called the “Crypto Czar.” Its Executive Director will be “Bo” Hines of North Carolina. The Working Group will consist of specified officials (or their designees) such as the Secretaries of the Treasury, Commerce, and Homeland Security, the Attorney General, the Director of Office, Management and Budget, the Homeland Security Advisor, and the Chairs of the SEC and the Commodities and Futures Trading Commission (CFTC).
The Working Group has been charged to hit the ground running:
By February 22, 2025, the Treasury, DOJ, SEC and other relevant agencies included in the Working Group shall identify all regulations, guidance documents, orders, or other items that affect the digital assets sector. In other words, what has the federal government done so far?
By March 24, 2025,each agency shall submit recommendations with respect to whether each identified regulation, guidance document, order, or other itemshould be rescinded or modified, or, for items other than regulations, adopted in a regulation.
By the end of last week, the SEC had already rescinded Staff Accounting Bulletin 121, an especially troubling piece of guidance that the SEC never approved and that Congress had sought to overturn but former President Biden retained. SAB 121 required crypto custodial banks to carry customer assets on their balance sheets—something required for no other asset. Upon rescinding SAB 121, SEC Commissioner Hester Pierce tweeted, “Bye, bye SAB 121! It’s not been fun.” Another piece of SEC guidance that might be on the chopping block is the so-called “Framework for ‘Investment Contract’ Analysis of Digital Assets,” which has confounded the digital assets industry since it was first adopted.
By July 22, 2025, the Working Group shall submit a report to the President recommending i that advance the policies established in the order. In particular:
The Working Group will propose a federal regulatory framework governing the issuance and operation of digital assets, including stablecoins, in the United States. The Working Group’s report shall consider provisions for market structure, oversight, consumer protection, and risk management.
The Working Group will have significant choices to make in this regard: Will it back the “FIT 21” bill that has already been approved by the U.S. House of Representatives, or will it seek to chart a different course? Will it back a merger of the CFTC with the SEC? How will it reconcile the desire to support technology innovation with national security interests and investor protection?
The Working Group will evaluate the potential creation and maintenance of a national digital asset stockpile and propose criteria for establishing such a stockpile, potentially derived from cryptocurrencies lawfully seized by the federal government through its law enforcement efforts. In this regard, President Trump might be seen as having backed off his earlier promise to create a Bitcoin reserve in the United States, as it is now being considered rather than proposed for immediate adoption. The word “Bitcoin” does not appear even once in the Executive Order.
President Trump’s Executive Order also prohibits the establishment, issuance, or promotion by federal agencies of Central Bank Digital Currencies (CBDCs) within the United States or abroad, terminating any ongoing plans or initiatives related to the creation of a CBDC within the United States. The libertarians who dominate appointments in the financial services sector of the administration are strongly opposed to CBDCs, viewing them as a threat to personal liberty.
In issuing this Executive Order, President Trump fulfilled his campaign promises relating to crypto assets. In a July 27, 2024, address to the Bitcoin 2024 Conference in Nashville, he promised to “end Joe Biden’s war on crypto.” He promised:
To “fire Gary Gensler,” who resigned upon Trump’s inauguration.
To “immediately shut down Operation Chokepoint 2.0,” which he is carrying out in his order to Department of the Treasury.
To appoint the aforementioned Working Group.
To defend the right to self-custody.
To ban CBDCs.
In the first week, we are seeing that, at least thus far, promises made are promises kept.
SEC Crypto Task Force
On the SEC side, Commissioner Hester Pierce, known as “Crypto Mom,” will head the Crypto Task Force that will work to develop a “sensible regulatory path that respects the bound of the law.” The SEC under former President Biden used “regulation by enforcement” rather than “regulation by rulemaking and interpretation” to regulate the crypto asset industry. President Trump’s SEC has already signaled the “course correction” that Paul Atkins called for before the election. Both Commissioners Peirce and Uyeda worked for Atkins in his prior stint as an SEC Commissioner. Others have observed that the Atkins-Peirce-Uyeda “triumvirate” might be the most powerful cohort of Commissioners that the SEC has ever seen.
The SEC announcement states that the Task Force will be focused on developing clear regulatory lines, realistic paths to registration, sensible disclosure frameworks, and deploying enforcement resources judiciously. The Task Force plans to hold future roundtables and is asking for public input as well.
The day that the SEC Task force was announced, Foley & Lardner submitted suggestions to the SEC for roundtable topics. Our suggestions included:
What Securities Act registration exemptions should be adopted to broaden market access to digital assets? An example might be the “safe harbor” that Commissioner Peirce proposed and refined, only to have it ignored by the Gensler SEC.
What guidance should the staff have given that it has failed to give? What guidance should be withdrawn? There has been no guidance about how Regulation S applies to digital asset offerings, to point out one shortcoming. The staff might have given guidance, but Chairman Gensler prohibited it, adopting the view that the SEC does not give legal advice.
What needs to change for you to “come in and register” if you are a token “issuer”? Plainly the system is broken now, as those who have tried to register were delayed indefinitely and ultimately conceded defeat. Others, seeing this, never even tried.
What needs to change for you to “come in and register” if you are a token “dealer” or “exchange”? These questions are paramount for crypto exchanges that do business in the United States and have been sued by the SEC for failing to register.
What needs to change for you to “come in and register” your crypto brokerage firm? What more can be done for you to “come in and register” your crypto fund? How can the SEC facilitate trading in securities tokens and other tokenized assets? How can the SEC better collaborate with the CFTC regarding digital assets? What legislation should the SEC recommend for adoption by Congress? All these questions, and more, need to be addressed by the SEC, engaging the public as the answers are determined. In each case, the SEC would act consistently with its statutory mandate to protect securities investors and assure fair and orderly markets.
Next Steps
Foley has offered to assist the SEC in its consideration of these questions and expect to be involved in some capacity along the way. Likewise, we expect to make submissions to the President’s Working Group. If you would like to be represented in that process to make sure that your views are considered, please reach out to either of the authors. We are engaging with the House Financial Services Committee and the Senate Banking Committee in addition to the Trump Administration, the SEC, and the CFTC.
Similarly, if you have a development team or a product and are looking to access the U.S. digital asset markets lawfully, we are standing by to help.
President Trump Issues Executive Order on Crypto as SEC Signals Enforcement Shift
On January 23, 2025, President Trump issued an executive order entitled “Strengthening American Leadership in Digital Financial Technology,” establishing his Administration’s policy “to support the responsible growth and use of digital assets, blockchain technology, and related technologies across all sectors of the economy” (the “EO”).
The EO sets out five high-level policy objectives:
protecting the lawful use of blockchain networks, participation in mining and validation, and self-custody of digital assets without unlawful censorship;
promoting dollar-backed stablecoins;
ensuring fair and open access to banking services;
providing “regulatory clarity” for digital assets based on “well-defined jurisdictional regulatory boundaries;” and
prohibiting Central Bank Digital Currencies (“CBDC”).
As an initial matter, the EO rescinds Executive Order 14067 issued by President Biden on March 9, 2022, which, among other things, placed “the highest urgency on research and development efforts into the potential design and deployment options of a United States CBDC.” The EO also rescinds the Department of the Treasury’s “Framework for International Engagement on Digital Assets,” issued on July 7, 2022. A press release regarding the framework stated that it set forth steps for international cooperation on digital assets while respecting core U.S. democratic values, protecting consumers, ensuring interoperability, and preserving the safety and soundness of the global financial system. A White House statement accompanying the EO asserts the framework “suppressed innovation and undermined U.S. economic liberty and global leadership in digital finance.”
In terms of affirmative directives, the EO accomplishes the following:
Establishes a Working Group on Digital Asset Markets to be chaired by a Special Advisor for AI and Crypto and include the Chairman of the Securities and Exchange Commission, the Chairman of the Commodity Futures Trading Commission, the Attorney General, and the Secretary of the Treasury, among seven other top officials.
Directs the Working Group to (1) identify regulations, guidance documents, and orders pertaining to the digital asset industry within 30 days, (2) submit recommendations regarding rescission, modification, or regulatory adoption of those items within 60 days, and (3) submit a report to President Trump recommending regulatory and legislative proposals to (a) establish a Federal framework for the issuance and operation of digital assets, including stablecoins, and (b) evaluate the potential creation and maintenance of a national digital asset stockpile.
Prohibits development of CBDCs, which the EO states “threaten the stability of the financial system, individual privacy, and the sovereignty of the United States,” underscoring that “any ongoing plans or initiatives at any agency related to the creation of a CBDC within the jurisdiction of the United States shall be immediately terminated, and no further actions may be taken to develop or implement such plans or initiatives.”
The accompanying White House statement highlights several key objectives of the Trump Administration in this space, including making “the United States the center of digital financial technology innovation by halting aggressive enforcement actions and regulatory overreach that have stifled crypto innovation under previous administrations,” and ensuring that “regulatory frameworks are clear” and the “growth of digital financial technology in America . . . remain[s] unhindered by restrictive regulations or unnecessary government interference.”
Also on January 23, 2025, the Securities and Exchange Commission (“SEC”) rescinded accounting guidance issued in 2022 entitled “Accounting for Obligations to Safeguard Crypto-Assets an Entity Holds for its Platform Users.” The guidance called upon certain regulated entities custodying digital assets on behalf of others to account for them as liabilities “to reflect [their] obligation to safeguard the crypto-assets held for [their] platform users.”
Two days earlier, the Commission issued a press release announcing that Acting SEC Chairman, Mark Uyeda, had launched a crypto task force “dedicated to developing a comprehensive and clear regulatory framework for crypto assets.” The press release stated that, “[t]o date, the SEC has relied primarily on enforcement actions to regulate crypto retroactively and reactively, often adopting novel and untested legal interpretations along the way. Clarity regarding who must register, and practical solutions for those seeking to register, have been elusive. The result has been confusion about what is legal, which creates an environment hostile to innovation and conducive to fraud.” It added that the task force’s focus will be to “help the Commission draw clear regulatory lines, provide realistic paths to registration, craft sensible disclosure frameworks, and deploy enforcement resources judiciously.”
These executive actions exhibit a shift from the prior Administration consistent with President Trump’s promise at the Bitcoin 2024 conference to make the U.S. the “crypto capital of the planet.” While it remains to be seen whether this will be pursued through shifts in enforcement prerogatives, rulemaking, or legislation, it appears that the crypto industry can expect a more amenable U.S. regulatory environment moving forward.
HIDING?: Big Law Firm Seeks to Prevent Jury From Learning of Firm’s “Size” or “Resources” in TCPA Trial
For those experiencing one-to-one fatigue here is a quick funny one for you.
So trial is scheduled to start today in a single-plaintiff TCPA case in Nevada: Brittany Woodman v. NPAS Solutions, LLC.
NPAS Solutions has hired Spencer Fane to represent it, and apparently Spencer Fane is concerned a jury might be prejudiced by any mention of the firm’s *ahem* size and resources.
Specifically, the firm asked the court to issue an order assuring Plaintiff is “prohibited from introducing any evidence and/or making any reference to, or mention of, the size of Spencer Fane LLP, its clients, the areas of law it practices, its resources, or the number of lawyers in the courtroom.”
Oh dear.
Per the firm’s filing such discussion would cause “unfair prejudice.”
So there you go. #Biglaw concerned of unfair prejudice to a client if a jury finds out the client is using #biglaw.
That’s pretty funny.
Regrettably the parties worked this one out on their own so we will never know how the Court would have ruled on it.
The case is Woodman v. NPAS Solutions, LLC, 2:22-cv-01540-GMN-DJA (D.NV.) for all you docket watchers out there.
Chat soon.
Do Stablecoin Patent Applications Signal a Cryptocurrency Evolution?
Stablecoins have emerged as one of the most transformative innovations in the cryptocurrency space, bridging the gap between the volatility of traditional cryptocurrencies like Bitcoin and the stability demanded by mainstream financial systems. This rise has brought with it a wave of innovation, and nowhere is this more apparent than in the growing number of patent applications for stablecoin technologies.
From algorithmic stabilization techniques to cross-border payment systems, the innovations behind these patent applications pave the way for a more stable crypto-economy. But what do these patent filings tell us about the future of stablecoin adoption? Are they merely defensive strategies by crypto traders and institutions, or do they hint at broader shift toward stablecoin integration into mainstream financial systems?
Background on Stablecoins
By way of background, stablecoins are cryptocurrencies designed to maintain a stable value, typically by pegging their price to a reserve asset such as fiat currency (e.g., the U.S. dollar), a commodity (e.g., gold), or even a basket of assets (e.g., using algorithms and smart contracts to regulate supply and stabilize value without collateral). Unlike traditional cryptocurrencies, which are prone to price volatility, stablecoins aim to combine the benefits of blockchain technology—such as transparency and decentralization—with price stability. Stablecoins have become a focal point for both financial and technological advancement, driving an increase in stablecoin patent applications since their inception in 2014.
The Growth of Stablecoin-Related Innovations
The adoption of stablecoins has sparked significant innovation, as reflected in the growing number of blockchain patent applications filed worldwide, with the majority being filed in the U.S. and China. Companies and financial institutions are increasingly vying to protect their proprietary technologies in this competitive space.
Although there were early pioneers in the stablecoin space as early as 2014, stablecoins gained widespread traction in subsequent years, particularly with the introduction of the widely popular Ethereum-based stablecoins like DAI in 2017. Between 2017 to 2020, the number of blockchain and stablecoin related patent applications surged, including innovations covering algorithmic stability mechanisms, smart contract frameworks, and regulatory compliance systems. Blockchain-related patent applications, including those specific to stablecoins, peaked in 2020.
Challenges and Recovery in Stablecoin Innovation
Between 2021 to 2022, cryptocurrencies struggled to compete with inflation, leading to the devaluation and collapse of several cryptocurrencies and stablecoins. While these downward pressures impacted innovation in stablecoin technologies, stablecoin-related intellectual property saw a resurgence in 2024 with an increase in blockchain and stablecoin related patent applications. Despite fluctuations, overall blockchain and stablecoin patent activity remains robust as interest in stablecoins and cryptocurrencies remains strong.
For example, earlier this month, Ripple, the creator of open source blockchain XRP, announced its plans to launch a stablecoin following its receipt of regulatory approval. This announcement resulted in an 11% surge in XRP’s value within 24 hours of the disclosure. This upward trend in stablecoins reflects the maturation and evolution of the cryptocurrency industry, signaling a shift toward wider institutional acceptance and broader utility.
The interest in stablecoin-related patents signals several key trends in the evolution of cryptocurrency:
Institutionalization of Cryptocurrency – Increasing involvement of financial institutions and regulatory oversight.
Regulatory Focus and Compliance – Emphasis on compliance to meet global regulatory standards.
Decentralized Finance and Innovation – Expansion of decentralized financial applications powered by stablecoins.
Global Adoption and Competition – A race among nations and corporations to lead in stablecoin technology and integration.
The Role of Stablecoins in the Future of Finance
The growth of stablecoin-related patent applications and intellectual property is a cornerstone of the evolving cryptocurrency landscape. Stablecoins have the potential to play a vital role in bridging traditional and digital finance, thereby enabling faster, more efficient transactions while adhering to the demands of regulators and consumers alike.
For businesses and innovators, this presents a dual opportunity: capitalize on the growing demand for stablecoins and protect innovations through strategic patent filings. As the cryptocurrency ecosystem continues to mature, stablecoins are poised to be at the forefront of this transformation, driving new opportunities for innovation and adoption.
FAR Controlled Unclassified Information Rule Standardizes and Extends Cybersecurity Requirements to All Federal Contractors
Go-To Guide:
New proposed FAR Controlled Unclassified Information (CUI) Rule would standardize cybersecurity requirements for all federal contractors and subcontractors.
Federal agencies and contractors must implement a new Standard Form to identify and safeguard CUI.
The Rule introduces eight-hour reporting requirement for potential CUI incidents or mismarked CUI.
Non-defense contractors and small businesses may face considerable compliance costs for initial setup and annual maintenance.
Public comment period on the proposed rule will remain open until March 17, 2025.
On Jan. 15, 2025, the Department of Defense (DoD), General Services Administration, and NASA, all members of the FAR Council, published a proposed FAR CUI Rule under Title 48 of the CFR. This proposed rule amends the Federal Acquisition Regulation (FAR) to implement the third and final piece of the National Archives and Records Administration’s (NARA) Federal Controlled Unclassified Information (CUI) Program, which dates back to Executive Order 13556 from 2010. A November 2024 GT Alert explains the history and origin of the FAR CUI journey.
As anticipated, the FAR CUI Rule applies to contractors of all federal executive agencies and implements NARA’s policies under 32 CFR part 2002, which codified a standardized approach to designating, handling, and safeguarding CUI. The proposed rule also introduces new procedures, including reporting and compliance obligations, and defines roles and responsibilities for both the government and contractors who use and handle CUI.
All Contractors Must Meet Baseline Cybersecurity Requirements
CUI Standard Form and Contract Clause. To advance uniformity across agencies, the proposed rule introduces a new standard form, SF XXX, which would be included in solicitations and contracts to “determine what information under the contract is considered CUI and how to properly safeguard the CUI.” Contractors that perform under an SF XXX would need to comply with FAR 52.204-XX (a new contract clause), which would further specify CUI requirements, such as NIST SP 800-171, revision 2 security requirements, or NIST SP 800-53 controls, as appropriate. It may also include agency-specific security requirements. The FAR Council also anticipates that a limited number of contractors would be subject to enhanced security requirements under NIST SP 800-172 to protect designated CUI that is associated with a critical program or high-value assets.
SF XXX (90 FR 4302)
To the extent that contractors need to flow down CUI with a subcontractor, contractors must also prepare an SF XXX and distribute it downstream “at all subcontract tiers” to ensure proper safeguarding throughout the supply chain. The expectation and goal are to ensure that all parties are aligned on what information is CUI and what is required to protect that information. The FAR Council estimates that, on average, it would take two hours to review the SF XXX, so both contractors and subcontractors should expect detailed CUI information and safeguarding instructions under each contract.
No CUI Contract Clause—FAR 52.204-YY. Identifying and Reporting Information That Is Potentially Controlled Unclassified Information. The proposed rule introduces a second contract clause that would apply where no CUI is involved in the performance of a contract (if the “No” box is marked in Part A of the SF XXX). Under this clause, contractors would need to notify the government “if there appears to be unmarked or mismarked CUI or a suspected CUI incident related to information handled by the contractor in performance of the contract.” This clause also flows down to subcontractors.
Solicitation Provision—FAR 52-204-WW. Notice of Controlled Unclassified Requirements. This new solicitation provision would notify “offerors that agencies will provide agency procedures on handling CUI during the solicitation phase if handling CUI is necessary to prepare an offer.” Like the proposed FAR 52.204-YY contract clause, this provision also provides that offerors should notify the contracting officer of any unmarked or mismarked CUI or a CUI incident during the solicitation phase.
Commercially Available, Off-the-Shelf Items. The CUI requirements under the proposed rule would not apply to solicitations and contracts that are solely for acquiring commercially available, off-the-shelf items. However, the new proposed FAR clauses would apply to acquisitions of commercial products and services, as well as to simplified acquisitions for other than commercial products or services.
Proposed Rule Principles
No Independent Certification; Ad-Hoc Verification. The proposed rule is distinct from the DoD’s implementation of its CUI Program and Cybersecurity Maturity Model Certification (CMMC) in that, as a default rule, contractors would not be required to submit evidence they are compliant with the CUI requirements. The FAR Council explains that “defense contractors should have already implemented system security plans in accordance with DFARS clause 252.204-7012 and non-defense contractors have incentive to ensure compliance with the requirements in FAR clause 52.204-XX to avoid liability for breaches of CUI that may result from improperly protecting CUI being handled on the contractor’s information system.” Instead, contractors may be required to furnish certain information upon request, including documentation to verify compliance with system security plans or training requirements in connection with a CUI incident.
Training Requirements. The proposed CUI requirements include minimum training requirements, which contractors and subcontractors would be required to complete as specified on the SF XXX. Agencies may, at their discretion, also require evidence that contractors and subcontractors have provided appropriate employee training on safeguarding CUI, as required under FAR clause 52.204-XX.
Eight-Hour Reporting. Where there is CUI that appears to be unmarked or mismarked, offerors and contractors must notify the contracting officer representative or designated agency official within eight hours of discovery. Further, non-defense contractors and subcontractors that discover a suspected or confirmed CUI incident—where “CUI was or could have been improperly accessed, used, processed, stored, maintained, disseminated, disclosed, or disposed of”—must report the incident to the agency as specified in the SF XXX. Subcontractors are also required to notify the prime or next higher tier subcontractor within the same eight-hour timeframe. (While the proposed rule does not attribute this requirement to defense contractors since they are expected to already comply with DFARS 252.204-7012, the relevant provision to “rapidly report” cyber incidents to DoD specifies a 72-hour timeframe from the time of discovery.)
Compliance Costs and Small Business Contractors. For non-defense contractors and subcontractors, the FAR Council estimates the following labor and hardware (Hw)/software (Sw) costs to comply with NIST SP 800-171, revision 2.
Type of Contractor
Initial Year CostsLabor | Hw/Sw
Recurring Annual CostsLabor | Hw/Sw
Small Business
$148,200 (est. 1,560 hours * $95)
$27,500
$98,800 (est. 1,040 hours * $95)
$5,000
Other Than Small
$543,400 (est. 5,720 hours * $95)
$140,000
$494,000 (est. 5,200 * $95)
$80,000
Separately, the proposed rule estimates that the annual cost to implement and maintain a system security plan is an additional $1,140 (est. 12 hours * $95). These estimates do not account for costs associated with NIST SP 800-53 or FedRAMP Moderate baseline compliance efforts because they are separately addressed under the proposed rule to standardize cybersecurity requirements for unclassified federal information systems (FAR Case 2021-019).
Much like DoD’s response to small business concerns under the CMMC rulemaking activities, as well as the Cybersecurity and Infrastructure Security Agency’s posture under the Cyber Incident Reporting for Critical Infrastructure Act proposed rules, small business contractors may not be granted categorical cost relief under the FAR CUI Rule. “[S]mall businesses that do business with DoD and handle CUI in performance of their contracts are already subject to requirements equivalent to the new FAR clause and provision,” and “small businesses that do business with other agencies that have included similar or overlapping safeguarding requirements under agency-specific contract terms may already be in partial or substantial compliance with the clause requirements.”
NIST SP 800-171 Revision 3 Updates. NIST issued revision 3 to SP 800-171 in May 2024, and as the publication nears its one-year anniversary, agencies will be required to meet the updated standards and guidelines (OMB Circular No. A-130 “Managing Information as a Strategic Resource”). The proposed rule acknowledges this and anticipates future rulemaking to incorporate the latest version. In doing so, the FAR Council explicitly notes the need to “immediately implement requirements to protect CUI on non-Federal information systems; therefore, this proposed rule does not seek to implement NIST’s most recent revision.”
Requirements for Federal Information Systems. Where the SF XXX specifies a federal information system using cloud computing services, the contractor must meet any agency-specified requirements and, at a minimum, must comply with the FedRAMP Moderate Baseline security controls. Where a contractor operates a non-federal information system but uses a cloud service provider to store, process, or transmit CUI, that cloud service provider must also meet FedRAMP Moderate Baseline standards.
Takeaways
While the new administration issued the standard regulatory freeze pending review, the order does not pause the public comment period, which will run through March 17, 2025, as scheduled. Moreover, federal contractors are advised that many of the obligations under the proposed rule are modeled after the established DFARS 252.204-7012, “which introduced many of these compliance requirements on defense contractors and subcontractors in 2015 and required compliance not later than December 31, 2017.” Interested parties should submit comments by March 17, 2025.
Federal Communications Commission’s One-to-One Consent Rule Under Telephone Consumer Protection Act Vacated Day Before Rule Set to Take Place
On Monday, January 27, 2025, the One-to-One Consent Rule (“the Rule”) promulgated by the Federal Communications Commission (the “Commission”) a year ago, on December 18, 2023, was set to go into effect.[1] Under this Rule, a consumer could not consent to a telemarketing or advertising robocall unless (1) he consents to calls from only one seller at a time, (2) he receives a clear and conspicuous disclosure that he will receive telemarketing calls or texts using an automatic telephone dialing system or an artificial or prerecorded voice, and (3) he consents only to calls whose subject matter is “logically and topically associated with the interaction that prompted the consent.”[2] The Commission viewed the Rule primarily as a way to prevent lead generators from using single consumer consent on the comparison shopping websites that often are the source of lead generation.[3] But the Rule was not limited to lead generators. Rather, it applied to all entities utilizing — themselves or through their vendors, affiliates, or other third parties — telemarketing calls or texts using regulated technology. The Rule thus required these businesses to overhaul their consent collection flows, revise contracts with vendors and other third parties, and otherwise reassess their business operations. The Rule also portended a substantial increase in Telephone Consumer Protection Act (TCPA) litigation, particularly as the key terms in the Rule — such as what it means to be “logically and topically associated with the interaction that prompted the consent” — were undefined.
Businesses subject to the One-to-One Consent Rule got their lucky break on Friday, January 24, 2025, the last business day before the Rule was set to go in effect. Initially, the Commission, acting sua sponte,issued an order postponing the effective date of the One-to-One Consent Rule by 12 months — to January 26, 2026 — or until the date specified in a public notice after the U.S. Court of Appeals for the Eleventh Circuit issues a decision on the petition filed by the Insurance Marketing Coalition (IMC) challenging the Rule (whichever is sooner).[4] The Commission found that, given the advanced stage of the judicial proceedings in the Eleventh Circuit, the litigation risks presented by the Rule for texters and callers acting in good faith, and concerns about the industry’s readiness for immediate compliance with the Rule, it was in the interest of justice to postpone the effective date of the rule.[5]
The Eleventh Circuit did not leave folks waiting for long. That same Friday afternoon, the court issued an opinion finding that the Commission exceeded its statutory authority under the TCPA because the new consent restrictions in the Rule “impermissibly conflict with the ordinary statutory meaning of ‘prior express consent.’”[6] In particular, the Eleventh Circuit noted that the term “prior express consent” as used in the TCPA statute only requires a consumer to “clearly and unmistakably” state that they are willing to receive the robocall — and says nothing about requiring one-to-one consent.[7] Nor does it say anything about the consumer’s consent being limited to calls that are “logically and topically associated with the interaction that prompted the consent.”[8] Thus, the requirements for a consumer to separately and independently consent to receive robocalls from each individual seller and for the robocalls to be “logically and topically associated with the interaction that prompted the consent” were contrary to the plain meaning of the statute; thus, they were in excess of the Commission’s statutory authority to implement the TCPA.[9] What is more, rather than remand the matter back to the agency, the Court altogether vacated the One-to-One Consent Rule.[10]
As a result of these two actions, the Commission is back to square one and will need to decide whether to pursue any further action to revive the One-to-One Consent Rule as well as whether it can be done in light of the Eleventh Circuit’s holding. More importantly, the business community does not need to worry about compliance with the Rule and can continue operating under the status quo, which still requires obtaining express written consent for marketing outreaches using regulated technology.
1 Second Report and Order, In re Matter of Targeting and Eliminating Unlawful Text Messages, Rules and Regulations Implementing the Tel. Consumer Prot. Act of 1991, Advanced Methods to Target and Eliminate Unlawful Robocalls, 38 FCC Rcd. 12247, 12258-69 (2023) (the “2023 Order”). The 2023 Order would, in relevant part, revise 47 C.F.R. § 64.1200(f)(9).
2 Id. at 12297.
3 Id. at 12258, ¶ 30.
4 FCC Order dated Jan. 24, 2025, In re Matter of Targeting and Eliminating Unlawful Text Messages, Rules and Regulations Implementing the Tel. Consumer Prot. Act of 1991, Advanced Methods to Target and Eliminate Unlawful Robocalls,issued by Eduard Bartholme III, Acting Chief, Consumer and Government Affairs Bureau.
5 Id. ¶ 4.
6 Ins. Marketing Coalition Limited v. FCC, Case No. 24-10277 (Jan. 24, 2025), Slip Op. at 4.
7 Id. at 18.
8 Id. at 20-21.
9 Id. at 18-22.
10 Id. at 25.
Eleventh Circuit Overturns Major FCC TCPA Ruling: Here’s The Czar’s Definitive Take On The Ruling And What It Means To TCPAworld
All right, major TCPA developments on Friday.
The biggest news was the outcome of the Insurance Marketing Coalition’s (IMC) Hobbs Act petition to the Eleventh Circuit Court of Appeals challenging the Federal Communication Commission’s (FCC) new one-to-one express consent ruling under the Telephone Consumer Protection Act (TCPA).
The one-to-one consent rule–which was scheduled to go into effect today (January 27, 2025)– would have required consumer’s to specifically identify the entity to whom they were providing consent when filling out online webforms. It would have also required consent to be “topically and logically” related to the transaction that lead to the consent.
The rule was implemented to help cut down on unwanted robocalls arising from websites that resale consumer data numerous times based upon fine print disclosures consumers do not always read or understand.
According to the Eleventh Circuit, however, the FCC overstepped its authority by unduly limiting the consumer’s right to consent in its ruling.
Let’s break it down.
In Insurance Marketing Coalition v. FCC, 2025 WL 289152 (11th Cir. 2025) the key issue addressed by the Court was whether the FCC exceeded its statutory authority under the TCPA in issuing its 2023 Order because the one-to-one-consent and logically-and topically related restrictions impermissibly conflict with the ordinary statutory meaning of “prior express consent.” The Court concluded that it did, and the reasons for this conclusion are incredibly important.
First, the Eleventh Circuit took a very limited view of the FCC’s ability to “implement” the TCPA and found it had power only to perform those actions necessary to “complete, perform, [or to] carry into effect.” It the Court’s view the FCC could not “alter” any part of the statute as part of implementation. Rather it could only “reasonably define” the TCPA’s provisions.
The Court then focused on the TCPA’s statutory language. The TCPA permits calls made using regulated technology when the consumer has provided “express consent.” Critically, in the Court’s view the TCPA does not require “express consent plus.” So although the FCC has some ability to define and implement the phrase “express consent” it may not impose additional requirements and restrictions that exceed the intended scope of the phrase.
In light of this reality the Court framed the issue for review through the lens of two questions: i) to give “prior express consent” for telemarketing or advertising robocalls, must a consumer always consent to calls from only one entity at a time; and ii) can a consumer give “prior express consent” to receive telemarketing or advertising robocalls only when the consented-to calls are “logically and topically associated with theinteraction that prompted the consent”?
Pause.
Notice what an incredibly restrictive paradigm this presents for agencies.
If an agency is given authority from Congress to enforce a nationwide seatbelt ban and determines a seatbelt must be 3 inches in width, would the Court question “to wear a seatbelt must a consumer always have a belt 3 inches in width?” To articulate the ability of an agency to act by looking at the question through the lens of whether any portion of a statutory provision is limited by an agency rule is seemingly tantamount to destroying an agency’s ability to act.
To define is to limit, after all. Any effort to “reasonably define” a TCPA provision will necessarily limit it to some degree.
But the IMC court determined the FCC’s ruling failed specifically because its definition limited the TCPA express consent provision.
In the Court’s view, the definition of prior express consent has largely already been determined by case law. In its view express consent is consent “that is clearly and unmistakably granted by actions or words, oral or written…” and given before the robocalls or texts are made. Seemingly any expression of the law beyond this common law approach was doomed to meet with failure in the Court’s eyes as conflicting with the “plain language” of the statute, as interpreted by the courts.
Pause again.
Notice the huge shift in reasoning in addressing agency action here following Loper Bright. Not long ago (like this time last year) an agency’s determination of the meaning of a statute would be given wide deference by the courts. Now the IMC court essentially afforded zero deference and, in effect, expects the precise opposite– the agency must defer to the Court’s determinations!
Fascinating.
The rest of the Court’s reasoning makes this new paradigm perfectly clear.
For instance, the Court reasoned previous case law had permitted parties to consent “to multiple, vaguely defined entities at one time” in analyzing the scope of “express consent.” That being the case the FCC’s determination that consumers could consent only to a single entity at a time must necessarily conflict with the statute.
Next, as to the “logicially and topically” related component the Court reasoned a consumer might “consent to calls about “loan consolidation” while shopping online for “auto loans.” Under case law all that is required is that the consumer “clearly and unmistakably” state, before receiving a robocall, that he is willing to receive telemarketing or advertising robocalls about loan consolidation. So any suggestion by the FCC that consent is invalid must necessarily fail– it is powerless to implement a restriction contrary to a court’s determination of the meaning of the statute.
My goodness.
In the end, the Court defines the scope of the TCPA’s express consent rule as follows: “As long as a consumer clearly and unmistakably states, before receiving the robocall, that he is willing to receive the robocall, he has given ‘prior express consent’ under the TCPA.”
That’s it.
And because the FCC’s one-to-one rule went further than this definition, it is dust in the wid.
So let’s walk through some take aways:
The FCC’s one-to-one rule is no more. The Eleventh Circuit has jurisdiction to strike down the ruling for the entire country under the Hobbs Act. No other court may enforce the rule. It is essentially dead and cannot be leveraged in any TCPA suit. That’s the good news.
The bad news: consent forms will face even greater scrutiny now than they have in the past. The Eleventh Circuit’s repeated focus on “clearly and unmistakably” stated consent may posed a massive detriment to typical lead gen forms that are often neither clear nor unmistakable. This seems to make the efforts of REACH–to set standards for what qualifies as “clear and unmistakable” in the industry– more important than ever. Remember, courts are already refusing to enforce forms fairly routinely. The one-to-one rule was actually set to help lead buyers to a certain degree because consumers who provided enhanced levels of consent were unlikely to sue. Lead buyers may still wish to require one-to-one consent to make sure they are getting real consumers who are providing real leads. There is still a ton of risk out there.
On that topic, it seems clear the FCC has the authority to define what “clear and unmistakable” means in this context. So perhaps we will one-day see additional regulation defining express consent. But I don’t expect that any time soon.
To be absolutely clear nothing has changed under the TCPA. Literally. Meaning everything that was illegal on Friday is still illegal today. And that means lead gen forms that do not provide “clearly and unmistakably” stated consent in a “clear and conspicuous” manner consistent with the FCC’s current express written consent requirements are still illegal.
The incredibly restrictive approach adopted by the Eleventh Circuit in IMC is fascinating but is unlikely to catch on across the country. For instance, I do not expect a court in a suit between private parties to suddenly determine that “written” express consent is out the window because a consumer can “clearly and unmistakably” consent to receive robocalls orally. But hey, its Trump’s America now— so anything is possible. Again the IMC court’s ruling on one-to-one is effective across the country– but the restrictive analytic framework applied to assessing the legality of agency action is not.
The Court reserved the issue of whether the FCC’s dual treatment of consent–i.e. a higher standard for marketing versus informational messaging– is constitutional or not. Very interesting issue there– and a very strong argument can be made it is not. I suspect that will be the next battleground as industry pushes back on the TCPA’s express consent requirements.
Want to end with another note praising IMC here for their efforts. There was a little bit of Luck involved– literally– but they made the right moves to get the right result. While directionally one-to-one is good for the lead generation industry, the way the FCC framed its ruling was very very damaging for small business– it would have cost tens of thousands of jobs and hurt consumers.
Nobody should view this as a win for robocallers. It should be viewed as a win for common sense and–in a larger sense, a win for freedom against unwise government regulation. And for that reason in particular my hat is off to IMC. Nicely done folks.
Chat soon.
More Than Child’s Play: $520 Million FTC Settlement Signals Risks for Digital Platforms
For years, one of the world’s most popular online video games, Fortnite, profited from in-game purchases (or “microtransactions”) that, according to the Federal Trade Commission (“FTC”), were unlawful and deceptive. [1] Although Fortnite is “free-to-play,” individuals playing Fortnite—many of whom, the FTC says, are minors—use real-life money to buy in-game currency. But the game’s interface and controls make it easy to accidentally make purchases using in-game currency. And the game did not make clear when users’ payment information was being saved or require additional authentication when purchases were made with saved payment information. This allowed children playing the game to make purchases without parental permission. Then, Fortnite employed what the FTC calls “dark patterns” to discourage or prevent users from cancelling transactions, requesting a refund, or issuing a charge-back on their credit card.
Those practices, along with game setting that the FTC claimed violated the Children’s Online Privacy Protection Act, were the basis of the FTC’s settlement with Epic Games, Inc. (“Epic”), the creator of Fortnite. Epic agreed to pay $275 million in penalties related to the privacy violations—the largest monetary penalty ever obtained for violating an FTC rule—and $245 million in refunds. Epic also agreed to make specific changes to Fortnite’s microtransaction system. Specifically, Epic agreed to obtain “express, informed consent” coupled with “clear and conspicuous disclosures” meeting specific criteria before billing users. It also agreed to provide users with “a simple mechanism to revoke consent at any time.” The FTC intends this settlement to be “a message to all online providers” that “protecting the public, and especially children, from online privacy invasions and dark patterns is a top priority for the Commission.” [2]
The FTC’s strong statement on billing practices and “dark patterns” impacts more than just video games; it potentially touches on all online platforms that store payment information to allow users to periodically purchase services or products. Online content providers should consider whether their own billing practices satisfy the requirements of the Consent Agreement or otherwise sufficiently inform users of when, how, and for what they are being charged.
[1] Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges | Federal Trade Commission
[2] The full Consent Order can be viewed here: Epic Games: Agreement Containing Consent Order