The Consumer Financial Protection Bureau has withdrawn a proposed rule aimed at protecting consumers from having their personal and financial information sold by data brokers.
The CFPB
The rule sought to limit data brokers from selling personal financial information on consumers such as Social Security numbers and phone numbers. Data brokers profit by selling data.
The Consumer Data Industry Association, which represents consumer reporting agencies, told the CFPB in April that the proposed rule was arbitrary and capricious, in violation of the Administrative Procedure Act.
Dan Smith, president and CEO of the CDIA, detailed in the letter how the proposed rule would substantially interfere with law enforcement and antifraud activities. He said the CFPB under Chopra sought to rewrite and expand the Fair Credit Reporting Act, which he said the CFPB "cannot do."
"The Supreme Court has been clear that an agency's ability to craft new legal requirements out of whole cloth is severely limited," Smith wrote.
Many companies rely on so-called "credit header data," the identifying information typically found at the beginning of a credit report, for identity verification and fraud prevention. Credit header data includes a consumer's name, address, Social Security number, and other personal details.
The CFPB's proposed rule, "Protecting Americans From Harmful Data Broker Practices" would have amended
The rule would have classified data brokers as credit reporting agencies under the FCRA. It would have required that data brokers obtain express, informed consent from consumers before selling their personal information. And it would have limited the use of consumer information for secondary uses such as targeted advertising or cross-selling. It also would have given consumers rights to access and correct information held by data brokers.
Smith said the CFPB's proposed rule "might sweep into its ambit any number of services that Congress never contemplated as consumer reporting agencies, such as court researchers, loan origination platforms, and government database providers."
The FCRA prohibits the sale of data for advertising, training and artificial intelligence. It also strictly limits the use of credit report data from being sold for any reason other than what Congress has specified as having a "permissible purpose," such as credit underwriting. It also requires that companies provide accurate information to credit bureaus and maintain safeguards against misuse.
Some of the largest technology company CEOs — from Meta's Mark Zuckerberg to Apple's Tim Cook, Tesla's Elon Musk to Google's Sundar Pichai — donated to President Trump's reelection campaign hoping to gain some business benefits.
The CFPB under Chopra had sought to regulate Big Tech firms that collect vast troves of sensitive data, including individualized data about a consumer's finances, which increasingly are being bought and sold by data brokers without consumers' knowledge or consent.
The goal of the proposal was to protect the most vulnerable consumers such as seniors and military servicemembers from being targeted by scammers and identity thieves. Data brokers were concerned that the rule would have set limits on data use that would impact companies that have anti-fraud tools.
