The bureau’s rulemaking inquiry includes questions for market participants on data collection and sharing processes.
03/26/2023 12:00 P.M.
3 minute read
The Consumer Financial Protection Bureau is seeking public and market input on the activities of data brokers as part of plans to issue a rulemaking under the Fair Credit Reporting Act.
According to the CFPB, the request for information (RFI) is seeking information to:
- “Help inform the CFPB about new business models that sell consumer data, including information relevant to assessments of whether companies using these new business models are covered by the FCRA, given the FCRA’s broad definitions of ‘consumer report’ and ‘consumer reporting agency,’ or other statutory authorities, and
- Collect information on consumer harm and any market abuses, including those that resemble harms Congress originally identified in 1970 in passing the FCRA.”
“Modern data surveillance practices have allowed companies to hover over our digital lives and monetize our most sensitive data,” said CFPB Director Rohit Chopra in a news release. “Our inquiry will inform whether rules under the Fair Credit Reporting Act reflect these market realities.”
The CFPB is interested in information about “the business models and practices of the data broker market, including details about the types of data the brokers collect and sell and the sources they rely upon,” it reports.
The RFI includes questions for market-level inquiries, 22 in total, and seven questions for individual inquiries.
The market-level inquiry questions include:
- What types of data do data brokers collect, aggregate, sell, resell, license, derive marketable insights from, or otherwise share?
- What sources do data brokers rely on to collect information? What collection methods do data brokers use to source information?
- What specific types of information do data brokers receive from financial institutions? Do financial institutions place any restrictions on the use of this data? Under what circumstances do consumers consent to this data sharing or receive an opportunity to opt-out of this sharing?
- Which specific entities and types of entities collect, aggregate, sell, resell, license, or otherwise share consumers’ personal information with other parties?
- Does the granular nature of data brokers’ collection of information related to consumer preferences and behaviors influence consumer purchasing patterns or levels of indebtedness? Describe the nature of such collection and how it may influence purchasing patterns.
- Does consumer data collected by data brokers facilitate a less competitive marketplace or more expensive financial products for consumers, and if so, how?
- Which specific entities and types of entities purchase data from data brokers? How do these entities use the purchased data?
- What information do State-level data broker registries provide? How is this information made available and used? Are State-level data broker registries adequate to prevent harm? How could they be improved?
- What controls do data brokers implement in order to protect people’s data and safeguard the privacy and security of the public? Are these controls adequate?
- What controls do data brokers implement to ensure the quality and accuracy of data they have collected?
- How have data broker practices evolved due to new technological developments, including machine learning or other advanced computational methods?
Comments on the RFI, available in the Federal Register, are due June 13, 2023.
To file comments:
Email: [email protected]. Include the document title and Docket No. CFPB-2023-0020 in the subject line of the message.
Visit the federal eRulemaking portal, https://www.regulations.gov/commenton/CFPB-2023-0020-0001, and follow the instructions for submitting comments.
The public and market input will help the CFPB “gain a better understanding about the current state of business practices in this area. The CFPB is also interested in hearing about people’s direct experiences with these companies, including when individuals attempt to remove, correct, or regain control of their data,” according to the news release.
Read the complete RFI here.