CFPB investigates business practices of Data Brokers. Is your personal data safe?

On March 15, 2023, the Consumer Financial Protection Bureau (CFPB) released a request for information (RFI) to investigate data brokers and businesses that gather, utilize, and sell consumer data.  The main goal of the RFI is to help both CFPB personnel and lawmakers comprehend today’s business practices better and decide if data brokers are protected by the Fair Credit Reporting Act (FCRA) as well as other statutory authorities.

The data broker industry is rapidly growing, allowing them to access more and more details of our daily lives due to their advanced technology capabilities. Data brokers are amassing mass amounts of information about us that includes minute aspects such as credit card expenses, web navigation habits and even sensitive info like financial records, health details, and religious convictions, all without any knowledge or consent from us!  The Federal Trade Commission (FTC) recently published a report that examines how companies utilize personal data gathered from both private and public sources. This includes using information for marketing, advertising campaigns, fraud detection, customer identity verification and people search databases. By combining the data collected on consumers, businesses are able to draw inferences about them as well. In response to this news, the CFPB has created an RFI to learn more about those companies who have direct relationships with customers.

The CFPB is working towards crafting regulations that will put Section 1033 of the Dodd-Frank Act into effect. This section stipulates that banks and other covered entities must provide consumers with their transaction data as well as any additional relevant information regarding consumer financial products or services when requested by them. To enable easier access to this data, Section 1033 also calls for the CFPB to set forth standards which promote the development of standardized formats for such information supplied to consumers.  The passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act enabled the CFPB to take over rulemaking authority for most provisions of the FCRA. Not only do they possess this power, but have also been granted permission by Congress to enforce certain privacy rules from both Gramm-Leach Bliley and FCRA as well as address any deceptive or unfair practices related to how customer data is handled.

In 1970, Senator William Proxmire championed the Fair Credit Reporting Act (FCRA), which is now regarded as one of the most influential data privacy laws globally.  The FCRA was enacted in order to protect American citizens from having their private lives exposed without consent. The FCRA has been amended over the years, yet maintains its place in law. As technology and the internet have progressed, companies utilizing consumer data as part of their business models have arisen and developed significantly.

By passing the CFPA, Congress enabled the CFPB to issue FCRA regulations, as well as supervise its enforcement in collaboration with other Federal organizations. This move granted the CFPB exclusive authority over most of the provisions laid out by the FCRA. The CFPB was granted additional authorities from the CFPA that may be applicable to organizations collecting and selling personal information, such as those included in the Gramm-Leach Bliley Act’s privacy provisions. The CFPB has used its power to counter deceptive or unfair practices related to how consumer data is handled.

The CFPB is asking, amongst others, questions such as what types of information do data brokers collect, where the information originates and whether there are any other ways in which data brokers use and share collected information.  All public feedback must be submitted by June 13th, 2023.

At Global Legal Law Firm, our lawyers are familiar with the rapidly changing nature of electronic payments processing processors, and the ever changing regulations involved, with decades of expertise in ISOs, commercial collections, credit card brands, and other forms of electronic payment processing litigation. Let us guide you through this new and volatile environment, rather than attempting to navigate it on your own.