Photo of Sheila MillarPhoto of Tracy Marshall

In the midst of the busiest shopping season of the year, Federal Trade Commission (FTC or Commission) staff reminded companies of their obligations under the Rule on the Use of Consumer Reviews and Testimonials (Consumer Review Rule). On December 22, 2025, the FTC announced that staff had sent letters to ten companies warning that they may be in violation of the Consumer Review Rule, which is intended to rein in the practice of using fake reviews and testimonials to boost sales of products or services. The FTC’s Endorsement Guides, last updated in July 2023, offer guidance on reviews and testimonials in advertising (including in social media), but the Consumer Review Rule addresses a specific issue of fake reviews and testimonials. The Rule empowers the FTC to file federal lawsuits or take other legal action and obtain civil penalties of up to $53,088 per violation.

Read the full article here.

Photo of Sheila MillarPhoto of Anushka R. Stein

Starting January 1, 2026, retailers of covered battery-embedded (CBE) products in California must charge consumers a CBE Waste Recycling Fee at point of purchase or cover the costs of the fee themselves. Per regulations finalized last week, the fee will be 1.5% (capped at $15) of the retail sales price of a CBE product. Proposed regulations that would clarify related requirements are still pending as of this writing.

The CBE Waste Recycling Fee is required under SB 1215, which we previously wrote about here. To review, CBE products are those that contain batteries that are “not designed to be easily removed from the product by the user of the product with no more than commonly used household tools.” These do not include products that incorporate video display devices measuring greater than four inches diagonally (such products are separately subject to California’s Covered Electronic Waste (CEW) Recycling Fees) or standalone batteries (which will be covered by future requirements under AB 2440, as we wrote about here). However, the scope of CBE products remains unclear since the proposed regulations add new definitions, including one for “commonly used household tools.” If finalized in their current form, these definitions could affect how broadly the fee applies.

Read the full article here.

Photo of Sheila Millar

The long-awaited updates to the Children’s Online Privacy Protection Act Rule (Final Rule) took effect on June 23, 2025, with a compliance deadline of April 22, 2026. With this fast-approaching compliance deadline, businesses should be actively working to update backend systems to meet the new requirements.

Read the full article here.

Photo of Sheila MillarPhoto of Antonia Stamenova-DanchevaPhoto of Anushka R. Stein

The July 8, 2026, effective date for the U.S. Consumer Product Safety Commission’s (CPSC or Commission) electronic filing (eFiling) requirements is fast approaching. As we previously discussed, last December, CPSC approved a Final Rule to implement mandatory eFiling of certificates of compliance (CoC) for imported consumer products that are subject to a CPSC rule, ban, standard, or regulation (Final Rule). Given the Final Rule’s broad applicability, and its lack of a de minimis exemption, importers of covered goods should ensure that they are ready to comply. While most covered imports must comply by July 8, 2026, CPSC-regulated products imported through a Foreign Trade Zone (FTZ) are given additional time and have an effective date of January 8, 2027.

Read the full article here.

Photo of Sheila MillarPhoto of Antonia Stamenova-DanchevaPhoto of Anushka R. Stein

On November 3, 2025, the New York Attorney General announced a $1.1 million settlement with the U.S. subsidiary of the world’s largest beef producer, ending the state’s lawsuit accusing the company of misleading the public about its environmental practices and sustainability commitments. The complaint, filed in February 2024 in New York state court, alleged that defendants JBS USA Food Company and JBS USA Food Company Holdings (together, JBS USA), and JBS USA’s parent, subsidiary, and affiliate companies, misled the public about a pledge to reduce greenhouse emissions and their stated goal to be “Net Zero by 2040.” However, JBS USA now faces a new false advertising challenge involving essentially the same claims, joining a growing number of companies getting sued over aspirational environmental claims.

These false advertising lawsuits come at a time when many companies are under pressure to make certain climate claims in the EU and the U.S., including to comply with new mandatory reporting requirements in California next year under SB 253 and SB 261. Starting on January 1, 2026, the latter will require biennial reporting of “climate-related financial risks” by certain companies (i.e., U.S. entities with total annual revenue exceeding $500 million doing business in California), including posting these reports on the company website. Meanwhile, SB 253’s first set of reports (on Scope 1 and 2 greenhouse gas emissions by U.S. entities with total annual revenue exceeding $1 billion doing business in California) are expected to be due by June 30, 2026. As these deadlines approach, companies should be aware of the recent challenges against JBS USA and others and they should make sure that any environmental and climate-related marketing claims align with the information included in required reports.

Read the full article here.

Photo of Sheila MillarPhoto of Anushka R. Stein

State legislatures have continued to enact privacy laws aimed at protecting kids and teens despite significant—and often successful—legal challenges that largely focus on First Amendment flaws. Some laws have recently gone into effect, or will become effective soon, while others are not slated to take effect until 2027. The Children’s Online Privacy Protection Act (COPPA) remains the primary federal law protecting children’s online privacy (updated implementing regulations took effect earlier this year, with a compliance deadline of April 22, 2026) and bars inconsistent state laws. While there have been some recent legislative efforts at the federal level to expand children and teens’ privacy protections (including a bill introduced this week to regulate the use of AI chatbots and companions by minors), these have failed to pass. However, states continue to pursue their own online privacy laws with a goal of enhancing protections for children and teenagers, particularly around social media use and exposure to AI. The unabated pace of legislative action reflects rare bipartisan support for protecting kids and teens, adding to the growing patchwork of laws that now make up the state privacy landscape. Because these laws do not simply cover websites or services “directed to children,” as defined in COPPA, but to websites and services that are “likely to be accessed” by children, they often effectively regulate businesses that target general, largely adult-only audiences. Many of these laws are therefore being challenged as overbroad, unconstitutional restrictions on speech.

We review recent developments affecting children’s privacy, and potentially the broader online privacy landscape, including current and likely challenges on the horizon.

Read the full article here.

Photo of Sheila MillarPhoto of Anushka R. Stein

On October 2, 2025, after the federal government shut down, the Senate received President Trump’s nomination for a new commissioner at the Consumer Product Safety Commission (CPSC or Commission)—William “Billy” Hewes III, former mayor of Gulfport, Mississippi. This recent nomination came as a surprise, since for the last few months, it was not clear if President Trump would in fact nominate a replacement for former Republican Commissioner Douglas Dziak (who stepped down in August, before the end of his term) or seek to fill the seat vacated by Mary Boyle (one of the recently fired Democratic commissioners whose term ends October 27, 2025).

Read the full article here.

Photo of Sheila MillarPhoto of Tracy Marshall

Businesses making negative option or auto-renewal subscription offers, beware: Federal Trade Commission (FTC or Commission) enforcement is alive and well in 2025. Although the U.S. Court of Appeals for the Eighth Circuit struck down the FTC’s much-criticized Biden-era “click to cancel” rule earlier this summer, on September 25, 2025 the FTC announced that Amazon.com, Inc. and two of its senior executives agreed to pay $1 billion in FTC fines and another $1.5 billion in consumer refunds to settle allegations that Amazon “knowingly duped millions of consumers into unknowingly enrolling in its Amazon Prime service” and intentionally made Prime membership difficult to cancel. The FTC asserts that the Amazon settlement is just the third time in which the FTC has obtained a civil penalty under the Restore Online Shoppers’ Confidence Act (ROSCA) and represents the second-largest restitution award ever obtained by the FTC.

Read the full article here.

Additionally, see Amazon’s statement about the FTC settlement here.

Photo of Sheila MillarPhoto of Antonia Stamenova-DanchevaPhoto of Anushka R. Stein

The latest development in the ongoing legal saga regarding the scope of presidential authority to fire officials at various independent federal agencies occurred on September 22, 2025, when the Supreme Court of the United States (SCOTUS or the Court) granted a stay of the reinstatement of Rebecca Slaughter, a former commissioner at the Federal Trade Commission (FTC). The Court also granted a writ of certiorari without waiting for judgment on the merits by the federal appeals court, directing the parties to brief two questions for the Court’s December 2025 argument session: “(1) Whether the statutory removal protections for members of the [FTC] violate the separation of powers and, if so, whether Humphrey’s Executor v. United States, 295 U.S. 602 (1935), should be overruled. (2) Whether a federal court may prevent a person’s removal from public office, either through relief at equity or at law.” While this case concerns the FTC, any decision affecting Humphrey’s Executor will have wide-reaching effects, as that nearly century-old SCOTUS precedent limits the president’s authority to fire without cause officers at many independent agencies.

Read the full article here.

Photo of Sheila MillarPhoto of Tracy Marshall

Google and two Disney companies recently settled lawsuits alleging that the companies violated children’s privacy laws, once again demonstrating a heightened interest in protecting children online and putting content creators and channel owners on notice that they will be subject to strict liability for violations of federal and state privacy laws. On August 18, 2025, Google and its subsidiary YouTube agreed to pay $30 million to settle a class action lawsuit claiming that YouTube collected personal information of children under age 13 for targeted advertising without parental consent, in violation of state privacy laws and the Children’s Online Privacy Protection Act (COPPA). A few weeks later, Disney agreed to pay $10 million to settle Department of Justice (DOJ) and Federal Trade Commission (FTC) allegations that videos the company uploaded to YouTube were not properly marked as “Made for Kids” and the company allowed personal information to be collected from children who viewed videos without notifying parents or obtaining consent, as required by the COPPA Rule. Disney now faces a separate class action lawsuit.

Read the full article here.