CFPB’s Latest Rulemaking Inquiry Focuses on Data Brokers and the FCRA

regulations sign with paperclipsThe bureau’s rulemaking inquiry includes questions for market participants on data collection and sharing processes.

03/26/2023 12:00 P.M.

3 minute read

The Consumer Financial Protection Bureau is seeking public and market input on the activities of data brokers as part of plans to issue a rulemaking under the Fair Credit Reporting Act.

According to the CFPB, the request for information (RFI) is seeking information to:

  • “Help inform the CFPB about new business models that sell consumer data, including information relevant to assessments of whether companies using these new business models are covered by the FCRA, given the FCRA’s broad definitions of ‘consumer report’ and ‘consumer reporting agency,’  or other statutory authorities, and
  • Collect information on consumer harm and any market abuses, including those that resemble harms Congress originally identified in 1970 in passing the FCRA.”

“Modern data surveillance practices have allowed companies to hover over our digital lives and monetize our most sensitive data,” said CFPB Director Rohit Chopra in a news release. “Our inquiry will inform whether rules under the Fair Credit Reporting Act reflect these market realities.”

The CFPB is interested in information about “the business models and practices of the data broker market, including details about the types of data the brokers collect and sell and the sources they rely upon,” it reports.

The RFI includes questions for market-level inquiries, 22 in total, and seven questions for individual inquiries.

The market-level inquiry questions include:

  • What types of data do data brokers collect, aggregate, sell, resell, license, derive marketable insights from, or otherwise share?
  • What sources do data brokers rely on to collect information? What collection methods do data brokers use to source information?
  • What specific types of information do data brokers receive from financial institutions? Do financial institutions place any restrictions on the use of this data? Under what circumstances do consumers consent to this data sharing or receive an opportunity to opt-out of this sharing?
  • Which specific entities and types of entities collect, aggregate, sell, resell, license, or otherwise share consumers’ personal information with other parties?
  • Does the granular nature of data brokers’ collection of information related to consumer preferences and behaviors influence consumer purchasing patterns or levels of indebtedness? Describe the nature of such collection and how it may influence purchasing patterns.
  • Does consumer data collected by data brokers facilitate a less competitive marketplace or more expensive financial products for consumers, and if so, how?
  • Which specific entities and types of entities purchase data from data brokers? How do these entities use the purchased data?
  • What information do State-level data broker registries provide? How is this information made available and used? Are State-level data broker registries adequate to prevent harm? How could they be improved?
  • What controls do data brokers implement in order to protect people’s data and safeguard the privacy and security of the public? Are these controls adequate?
  • What controls do data brokers implement to ensure the quality and accuracy of data they have collected?
  • How have data broker practices evolved due to new technological developments, including machine learning or other advanced computational methods?

Comments on the RFI, available in the Federal Register, are due June 13, 2023.

To file comments:

Email: [email protected]. Include the document title and Docket No. CFPB-2023-0020 in the subject line of the message.

Visit the federal eRulemaking portal,, and follow the instructions for submitting comments.

The public and market input will help the CFPB “gain a better understanding about the current state of business practices in this area. The CFPB is also interested in hearing about people’s direct experiences with these companies, including when individuals attempt to remove, correct, or regain control of their data,” according to the news release.

Read the complete RFI here.

Remember, subscribe to ACA Daily and Member Alerts under your My ACA profile when logged in to to receive updates on the ACA Huddle.

If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.


Training Zone


One moment please...

Share Profile

This site uses cookies. By continuing to use our site, you are agreeing to our use of cookies. Review our Privacy Policy for more information. You may change your preferences on how cookies are stored by reviewing the settings on your browser.

The content on this site is presented for educational, general reference, and informational purposes only; is not intended to serve as legal or other advice; is not intended to be a full and exhaustive explanation of the law in any area; and should not replace the advice of your own legal counsel. By continuing to use our site, you are agreeing to the legal disclaimers in our Terms of Use. Review our Terms of Use for more information.

Friendly Reminder

Get continued access to ACA International’s wide array of resources, which can help you become more profitable, compliant and successful.

Renew your membership today to take advantage of tools you won’t find anywhere else:

  • Discounts on seminars, products, services and events
  • Resources to strengthen your compliance department
  • Industry-specific risk management products and services
  • Participation in ACA’s online community, The Hub
    Members-only website content
  • Professional development and training opportunities, and so much more!

If you have completed your renewal, please disregard this reminder.