CFPB Sues TransUnion and Senior Executive for Violating Law Enforcement Order Prohibiting Deceptive Marketing

On April 12, 2022, the Consumer Financial Protection Bureau (CFPB) announced that it had filed a lawsuit in federal court against TransUnion, two of its subsidiaries, and its longtime executive for failing to implement requirements of the CFPB’s 2017 law enforcement  order to TransUnion, and for violating Regulation V, which implements the Fair Credit Reporting Act and the Electronic Fund Transfer Act.  The 2017 order prohibited the company from engaging in deceptive marketing regarding its credit scores and other credit-related products.  However the CFPB reports that after the order went into effect, TransUnion continued its unlawful behavior, disregarded the order’s requirements, and continued employing deceitful “digital dark patterns” to profit from customers, which are “hidden tricks or trapdoors companies build into their websites to get consumers to inadvertently click links, sign up for subscriptions, or purchase products or services.”  The CFPB’s suit follows its recent announcement that repeat offender law enforcement is a top priority for the CFPB.

As the parent company of one of the nation’s three largest credit reporting agencies, TransUnion collects consumer credit information, including borrowers’ payment histories, debt loads, maximum credit limits, names and addresses of current creditors.  Through its subsidiary, TransUnion Interactive, the company also markets, sells, and provides credit-related products directly to the public, such as credit scores, credit reports, and credit monitoring.  In January 2017, the CFPB entered into a settlement with TransUnion and its subsidiaries for deceptively marketing credit scores and credit-related products, whereby TransUnion agreed to pay $13.9 million in restitution to victims and $3 million in civil penalties. Pursuant to the order, TransUnion also agreed to (i) warn consumers that lenders are not likely to use the scores it supplies, (ii) obtain the express informed consent of customers for recurring payments for subscription products or services, and (iii) provide an easy way for people to cancel subscriptions.  However the CFPB’s complaint alleges that since the order, TransUnion used an array of dark patterns to trick people into recurring payments and to make it difficult to cancel them.  For example, TransUnion allegedly integrated deceptive buttons into its online interface that gave the impression that consumers could access a free credit score, in reality, clicking the button signed consumers up for recurring monthly charges using the credit card information they had previously provided. Additionally, the complaint alleges that TransUnion not only failed to offer a simple mechanism for cancellation, but actively made it confusing for consumers to cancel through strategic uses of font and color on its website.

On the part of TransUnion Interactive’s former top executive, John T. Danaher, the complaint alleges that Danaher determined that complying with the CFPB’s 2017 order would reduce the company’s revenue, and so he created a plan to delay or avoid having to implement the order, including by instructing TransUnion Interactive to cease using an affirmative selection checkbox, required by the order to limit unintended subscription enrollments.

The CFPB’s complaint seeks monetary relief, including restitution or refunds to consumers, disgorgement or compensation for unjust enrichment, injunctive relief, civil money penalties, and costs.