The Consumer Financial Protection Bureau (CFPB) is asking companies that “track and collect information on people’s personal lives” to provide information to the agency as it considers rulemaking under the Fair Credit Reporting Act (FCRA).

The agency issued a request for information (RFI) Wednesday for data brokers, which it defined as “firms that collect, aggregate, sell, resell, license, or otherwise share consumers’ personal information with other parties.” It noted the FCRA governs consumer reporting agencies but that companies relying on new technologies when using business models that sell consumer data claim not to be covered by the FCRA.

The CFPB said these companies, whether they be called data brokers, data aggregators, or platforms, “all share a fundamental characteristic with consumer reporting agencies—they collect and sell personal data.”

“People should be able to expect companies to safeguard their most personal and intimate information and should be able to have knowledge and control over how companies obtain and use their data,” the RFI stated. “Surveys have found that people are concerned about being tracked and surveilled by companies and express concern about the lack of control over how data collected about them is used.”

Congress transferred rulemaking authority for most provisions of the FCRA from the Federal Trade Commission to the CFPB upon the latter’s creation under the Consumer Financial Protection Act of 2010.

The CFPB would like data brokers to tell the agency what kind of data they collect, particularly financial data; what sources and collection methods they use; whether they use public sources; whether customers are “unknowingly deceived or manipulated” into supplying personal data; and how data brokers use technology to collect personal data.

The CFPB is also interested in hearing about people’s direct experiences with these companies, including when individuals attempt to remove, correct, or regain control of their data.

“This feedback will shed light on the current state of an industry that largely operates out of public view and inform the CFPB’s future work to ensure that these companies comply with federal law,” the agency said in a press release.

The RFI will be published in the Federal Register, and the public will have until June 13 to submit comments.

Aaron Nicodemus covers regulatory policy and compliance trends for Compliance Week. He previously worked as a reporter for Bloomberg Law and as business editor at the Telegram & Gazette in Worcester, Mass.

Topics