FTC Enforcement Provisions Library

Interactive analysis of 285 Federal Trade Commission enforcement actions spanning 1997–2026, with 2,709 searchable consent order provisions organized by statute, practice area, and remedy type.

Database Coverage

  • 285 enforcement actions across 30 years (1997–2026)
  • 2,709 consent order provisions with verbatim text and paragraph-level citations
  • 36 cross-case remedy patterns
  • 13 behavioral enforcement categories
  • Statutory topics: Section 5 Only (1549 provisions), COPPA (417 provisions), FCRA (393 provisions), GLBA (252 provisions), Health Breach Notification (106 provisions), TSR (68 provisions), CAN-SPAM (14 provisions)

Recent Enforcement Actions

  • General Motors LLC, General Motors Holdings LLC, and OnStar, LLC (2026) — Section 5 Only. General Motors and OnStar collected detailed driving behavior data every three seconds and sold it to consumer reporting agencies without consumers' meaningful informed consent.
  • Disney Worldwide Services, Inc. and Disney Entertainment Operations LLC (2025) — COPPA. Disney failed to accurately designate child-directed YouTube videos as 'Made for Kids,' allowing targeted advertising and personal data collection on content directed at children.
  • Illuminate Education, Inc. (2025) — Section 5 Only. Illuminate Education stored millions of students' personal data in plaintext with inadequate access controls, suffered a breach, and had made contractual security promises it did not keep.
  • Illusory Systems, Inc. (2025) — Section 5 Only. Nomad marketed its cryptocurrency bridge as 'security-first' while deploying inadequately tested code with no incident response plan, leading to the near-total loss of user assets.
  • Apitor Technology Co., Ltd. (2025) — COPPA. Apitor's robot toy app secretly collected precise geolocation data from child users via a third-party SDK without parental notice or consent.
  • AYLO GROUP LTD. (2025) — Section 5 Only. Pornhub's operator actively distributed child sexual abuse material and non-consensual content for years while falsely claiming to promptly review and remove flagged material.
  • Roca Labs, Inc. (2025) — Section 5 Only. Roca Labs falsely claimed its dietary supplement had a scientifically proven 90% weight-loss success rate and silenced unhappy customers with non-disparagement clauses.
  • GoDaddy Inc. (2025) — Section 5 Only. GoDaddy marketed itself as a secure hosting provider with award-winning security while failing to implement basic controls, resulting in multiple major data compromises.
  • Aqua Finance, Inc. (2025) — FCRA. Aqua Finance funded home water treatment financing arrangements whose terms were systematically misrepresented by dealers and structured deceptively as open-end credit in violation of federal lending law.
  • Avast Limited (2025) — Section 5 Only. Avast collected consumers' detailed browsing histories through its privacy-protection software and secretly sold that data to over 100 third parties without adequate disclosure or consent.
  • COGNOSPHERE, LLC (2025) — COPPA. HoYoverse collected children's personal data without parental consent and misled players about their true odds of winning loot box prizes, obscuring the actual cost of rare items.
  • IntelliVision Technologies Corp. (2025) — Section 5 Only. IntelliVision marketed its facial recognition software as free of racial and gender bias and highly accurate when it had no testing to support those claims.
  • Mobilewalla, Inc. (2025) — Section 5 Only. Mobilewalla collected and sold consumers' sensitive location data — including data revealing visits to medical facilities and places of worship — without meaningful consent and in violation of ad exchange terms.
  • Gravy Analytics, Inc. (2024) — Section 5 Only. Gravy Analytics collected and sold precise mobile location data revealing consumers' sensitive characteristics — including health decisions and religious practices — without verifying user consent.
  • Vivint Smart Home, Inc. (2024) — FCRA. Vivint's sales force fraudulently pulled third parties' credit reports without consent to qualify unqualified customers for financing, then passed those innocent parties' information to debt collectors.

Analysis Views

This site provides four interactive analysis views:

  • Analytics — Enforcement trends by year, administration, topic, and violation type
  • Provisions Library — Search 2,709 provisions by statute and remedy type with verbatim order language
  • Industries — Sector-level enforcement analysis across 8 industry categories
  • Patterns — 36 remedy patterns and 13 behavioral categories across cases

Data Access

All data is available as structured JSON for programmatic access: