CFPB eyeing data broker practices in planned rulemaking push
By 
Aaron Nicodemus2023-03-16T17:06:00
The Consumer Financial Protection Bureau (CFPB) is asking companies that “track and collect information on people’s personal lives” to provide information to the agency as it considers rulemaking under the Fair Credit Reporting Act (FCRA).
The agency issued a request for information (RFI) Wednesday for data brokers, which it defined as “firms that collect, aggregate, sell, resell, license, or otherwise share consumers’ personal information with other parties.” It noted the FCRA governs consumer reporting agencies but that companies relying on new technologies when using business models that sell consumer data claim not to be covered by the FCRA.
The CFPB said these companies, whether they be called data brokers, data aggregators, or platforms, “all share a fundamental characteristic with consumer reporting agencies—they collect and sell personal data.”
Related articles
-
News BriefCFPB warns lenders on use of AI in credit denial process
The Consumer Financial Protection Bureau warned lenders using artificial intelligence in credit denials that consumers must receive accurate and specific reasoning—and not checklists—for why a credit request was denied.
-
PremiumCFPB’s Chopra teases new rules for data brokers at White House roundtable
The Consumer Financial Protection Bureau is moving forward with plans to propose new rules for data brokers that would regulate their personal data gathering activities under the Fair Credit Reporting Act.
-
News BriefACI Worldwide to pay $20M in settlement with states over data handling
ACI Worldwide is set to pay $20 million as part of a proposed settlement with states related to lax data handling and erroneous transactions that resulted in previous penalties against the company levied by the Consumer Financial Protection Bureau.
More from Regulatory Policy
-
ArticleNine states collaborating on data privacy enforcement across state lines
Nine states are collaborating to write and enforce comprehensive data privacy laws, in an effort to protect consumers across jurisdictions and due to the absence of a broad, federal privacy law.
-
News BriefFINTRAC hits British Columbia crypto firm with record $125M penalty for AML failures
Canada’s financial intelligence agency has issued its largest-ever penalties against a cryptocurrency exchange, a fine of $126 million (CA$176.9 million). The agency said the exchange’s compliance failures represented a “severe breach of Canada’s anti–money laundering framework.”
-
ArticleNYDFS to firms: apply cybersecurity rules to third-parties
The New York State Department of Financial Services (NYDFS) wants financial firms to step up their game when it comes to third parties and cybersecurity.