Consumer Groups Oppose Congress Repealing CFPB Rule on Payment App Privacy

“The CFPB has provided needed oversight to these payment apps to protect millions of users, but the Congress is poised to overturn the CFPB protections and give these payment apps -- including Musk’s X -- a get out of jail free card for future fraud, data harvesting, and arbitrary account deactivation that occur on their platforms,” said Patrick Woodall, managing director of policy for Americans for Financial Reform. “The implications of having zero oversight of the payment behemoths that are taking shape as Big Tech enters finance are truly shocking.”

In a letter to the U.S. Senate from March 5, EPIC, AFR and over 100 more civil society organizations urged Congress not to adopt the Congressional Review Act (CRA) resolution S.J. Res 28, which would repeal the CFPB’s finalized payment app user protection rule. “The CRA resolution would allow these Big Tech companies to evade the statutory protections that people deserve to be free from fraud, abuse, deception, or personal data harvesting," the letter said.

This is not the only threat to privacy and data security from the Trump administration, said Caroline Kraczon, EPIC Law Fellow, in a blog post Friday. Elon Musk and the Department of Government Efficiency entered CFPB headquarters to "to rifle through sensitive data, both about consumers and the financial institutions regulated by the CFPB,” she said. “DOGE has ignored the laws and rules that restrict access to the data held by the CFPB, which puts consumers at risk and threatens to destabilize the financial services marketplace.” Kraczon said this access violates CFPB rules, the Privacy Act and the Federal Information Security Modernization Act -- and has been the center of recent lawsuits (see 2502100068).