Listen to this post

In the middle of the 20th century, there was a massive expansion of the retail credit market. Everything from boats to sewing machines to kitchen appliances were bought and sold through increasingly complex credit arrangements. These credit arrangements would extinguish a consumer’s rights to dispute any terms of the contract once a loan was assigned, legally binding the consumer to pay the holder of the contract, even if the sale was fraudulent. These “cut off” clauses were considered standard, and consumers had no choice, as it was presented as a “take it or leave it” agreement.

In a recent lecture, the director of the Federal Trade Commission’s Bureau of Consumer Protection compared these credit contracts to the concept of notice and choice in today’s digital world of data collection and privacy concerns. The director characterized notice and choice as “weaponizing fine-print contractual provisions to shift risk and responsibility away from themselves and onto consumers.”

The director’s remarks focused on the commission’s response to these mid-century credit contract provisions by implementing the Holder Rule. This rule reallocated the risk of misconduct by sellers, allowing consumers to assert claims and defenses against any holder of the loan. The result of this rule created incentives for creditors to self-police the retail market, as any subsequent creditor could now be held responsible for the originators bad acts.

The director went on to dispel the notion that this type of model, if applied to privacy concerns, would disrupt business and the digital marketplace by saying:

[D]espite dire warnings from industry, these changes did not make the sky fall or cause the credit market to dry up. Consumer credit continues to be very competitive, and the Holder Rule continues to provide fundamental protections that promote confidence in the lending system.

. . .

As the Holder Rule shows, well-designed government action does not distort the free market – it makes it work better. By properly aligning incentives and allocating legal responsibility, trust grows and firms can compete on value. To be clear, humility is an important virtue for regulators; unintended consequences, regulatory burden, and imperfect information are all ever-present concerns. But there are also risks to inaction, and the consequences of failing to act can leave the public worse off, especially when it allows businesses to shift the cost of misconduct onto consumers. We saw that in credit markets half a century ago, and we see it in our digital economy today.

See Toward a Safer, Freer, and Fairer Digital Economy, How Proactive Consumer Protection Can Make the Internet Less Terrible, Remarks of Samuel Levine, Fourth Annual Reidenberg Lecture, Fordham Law School, April 17, 2024.

The director concluded his remarks by emphasizing that the FTC is currently, and intends to continue to, take bold action and use every tool in its arsenal to protect privacy, combat online dark patterns and manipulation, and safeguard the public from other harms. The closing remarks signaled that the FTC intends to take further action to protect consumers’ privacy rights by moving away from notice and consent and placing the onus on businesses through legal remedies similar to those present in the Holder Rule.

Finally, the director did not say what an application of a Holder Rule analogue in the privacy space would look like in practice. However, this is certainly an area to stay abreast of, as the FTC becomes more active in this space and continues to look for ways to address these issues through its rulemaking authority.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Erin Jane Illman Erin Jane Illman

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly…

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly advises clients on CCPA, GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis, and notification efforts with respect to security incidents and breaches.

Photo of E. Paige Knight E. Paige Knight

Paige Knight is an associate in the firm’s Banking and Financial Services Practice Group. Her practice encompasses all things commercial litigation, as well as regulatory and compliance matters. Paige focuses on consumer class action litigation, mortgage servicing, and data privacy and cybersecurity. She…

Paige Knight is an associate in the firm’s Banking and Financial Services Practice Group. Her practice encompasses all things commercial litigation, as well as regulatory and compliance matters. Paige focuses on consumer class action litigation, mortgage servicing, and data privacy and cybersecurity. She also advises clients on regulatory and compliance issues, including those touching the cybersecurity and financial services spaces.