Industry Says CFPB Data Broker Rule Exceeds FCRA’s Scope
The Consumer Financial Protection Bureau’s proposed data broker rule exceeds the CFPB's authority under the Fair Credit Reporting Act (FCRA), tech and open finance groups told the agency in comments this week (see 2503030069).
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Monday was the original deadline for the rule initiated by former CFPB Director Rohit Chopra, but the comment period was extended to April 2. The Trump administration paused all rulemaking proceedings pending review. CFPB nominee Jonathan McKernan, during his Feb. 27 confirmation hearing before the Senate Banking Committee, credited Chopra for focusing on privacy-related issues related to the data broker industry. “These entities are collecting more and more data, and the analytics get more and more powerful,” he said. “There’s some real policy issues here, and I think Director Chopra was onto something.”
The Computer & Communications Industry Association commented that the data broker rule exceeds FCRA's scope and is unconstitutional. The rule broadens definitions for consumer report and consumer reporting agency “beyond what is legally permissible,” said CCIA. The association argued that the CFPB is attempting to address national security concerns through FCRA. There are better regulatory mechanisms, such as DOJ’s export control laws or its new rule on bulk transfers of sensitive data to countries of concern (see 2501060042), said CCIA. The bulk transfer rule is set to take effect April 8.
The Financial Data and Technology Association (FDATA) of North America, which represents open finance entities, agreed the data broker rule exceeds statutory authority under FCRA. FDATA took issue with the rule’s expanded definitions for consumer report and consumer reporting agency. The association argued “consumer-permissioned open finance platforms” are fundamentally different than FCRA-regulated consumer reporting agencies (CRAs). Open finance platforms primarily exist to allow consumers to share financial data with consumers’ explicit consent, said FDATA.
“Classifying them as CRAs mischaracterizes their role, imposes unnecessary regulatory burdens, and stifles innovation and competition without added consumer protections,” the association said. FDATA asked the CFPB to exclude consumer-permissioned open finance platforms from the rule to avoid regulatory confusion. The open finance industry would be better addressed using CFPB’s Section 1033 rulemaking, not FCRA, the association said. Section 1033 governs for how entities must provide access to consumer financial data.
Sen. Catherine Cortez-Masto, D-N.M., submitted comments asking CFPB to exempt certain law enforcement data handling from the rule. She urged the CFPB not to classify investigation-related “credit header information” as a consumer report under the new rules. “I am concerned that any limitation on law enforcement’s access to credit header data has potential to stall investigations as this type of data is currently the quickest and most efficient way to obtain crucial information,” she said.