The Consumer Financial Protection Bureau (CFPB) is withdrawing a proposal, originally passed during the lame-duck period of the Biden administration, that aimed to curb the sale of personal information by data brokers.
At the time, then-CFPB Director Rohit Chopra said the rule was necessary to address national security, surveillance issues, and the risk of criminal exploitation associated with data broker practices. But this week, in a Federal Register notice, acting CFPB Director Russell Vought said the agency had determined the rule was not necessary at this time. Vought stated that the rule didn’t align with the agency’s current interpretation of the Fair Credit Reporting Act (FCRA) of 1970, which is currently under review.
The rule sought to classify data brokers as consumer reporting agencies under the FCRA. Under this designation, any organization selling data on income, financial status, credit history, credit scores, or debt payments would be required to comply with the FCRA. Brokers could only sell such information if the buyer can demonstrate a permissible purpose, and marketing does not constitute as a legitimate business need.
Concerns Over Criminal Acts
In addition to legitimate data brokers, would-be identity thieves and criminals also had access to the same detailed financial profiles available to credit bureaus and other legitimate entities. The rule would have protected consumers from having such data sold to malicious actors.
As of December, when the CFPB introduced the rule, the United States was the only Western democracy not to have enacted similar nationwide data protections. The global data broker industry is expected to top $460 billion by 2031.
The data broker proposal is the latest rulemaking at the agency to be rolled back in recent days. Vought has withdrawn nearly 70 policy statements, interpretive rules, and guidance that the CFPB had issued since its creation in 2011.
The Legislative Alternative
If the rule is reinstated, it will likely come in the form of a law. Last year, Republican and Democratic representatives from Washington State jointly introduced The American Privacy Rights Act (APRA), designed to regulate the buying and selling of personal data collected from consumers, both with and without their consent.
After reports that House GOP leaders planned to scuttle the bill, the measure was tabled last June before it ever came to a vote.
The post CFPB Rescinds Rule Limiting Sale of Personal Data appeared first on PaymentsJournal.
