Industry Asks CFPB to Withdraw Data Broker Rule; Advocates Disagree
The Consumer Financial Protection Bureau should withdraw the Biden administration’s proposed data broker rule because it’s an “illegal” expansion of the Fair Credit Reporting Act, industry groups told the bureau in comments due Wednesday (see 2503040058).
Sign up for a free preview to unlock the rest of this article
Consumer advocates urged CFPB to move forward with regulating data brokers under FCRA. For example, the California Privacy Protection Agency pointed to the state’s Delete Act law as a potential framework for the CFPB to explore in formulating regulations for data brokers.
CFPB nominee Jonathan McKernan, during his Feb. 27 confirmation hearing before the Senate Banking Committee, credited former Director Rohit Chopra for focusing on privacy-related issues related to the industry. The CFPB didn’t comment Thursday on whether it plans to move forward with the rule.
Groups asking for a withdrawal include the Software & Information Industry Association, Interactive Advertising Bureau, Consumer Data Industry Association and the Association of National Advertisers. Tech and open finance groups told the CFPB during the first round of comments in March that the rule exceeds statutory authority under FCRA.
The Electronic Privacy Information Center, National Consumers League and Consumer Federation of America this week filed joint comments crediting the prior administration for trying to regulate modern data broker issues.
Industry groups took issue with the CFPB’s proposal to expand FCRA definitions of “consumer report” and “consumer reporting agency.” The CFPB seeks to “reformulate many aspects of those terms, often while conceding that its interpretation breaks from the way courts, other agencies, and industry stakeholders have understood and relied on FCRA for decades,” said IAB.
CDIA claims the new rule would mean tens of thousands of new entities would fall within the scope of FCRA regulations. “It is not the CFPB’s place to rewrite the law to address what it believes are problems with the data broker industry; that responsibility lies with Congress,” the association said. The Association of National Advertisers agreed a federal privacy law would be a better way to address data broker concerns.
EPIC, NCL and CFA said the CFPB is right to treat data brokers as credit reporting agencies because they often engage in the same type of data-handling activity: Updated definitions would ensure data brokers are treated the same. The groups support the proposed rule’s attempt to make clear that “providing consumer reports to third parties for marketing and advertising” is illegal under FCRA. Credit reporting agencies often allow third parties to use consumer reports for advertising purposes without consumer consent, they added.
The CPPA outlined how California has implemented and enforced its Delete Act, which, it said, established a “first-in-the-nation global data broker deletion requirement.” The agency noted how the new law requires data brokers to register and pay annual registration fees, disclose how consumer data is used, report to FCRA is used to regulate data brokers and establish regular auditing requirements starting in 2028. “These protections align with and operate alongside the protections currently offered under FCRA and would continue to operate alongside the proposed regulations for non-consumer reporting data brokers,” the agency said.