Professionals Services Insights Community
About Offices Careers
Home / Insights / CFPB Requests Information ...
PDF

March 21, 2023

Jonathan L. Pompan Michael M. Aphibal

CFPB Requests Information on Data Brokers and Business Practices

4 min

The Consumer Financial Protection Bureau (CFPB) has issued a request for information (RFI) to examine the practices of data brokers and businesses involved in the collection, use, and sale of consumer information on March 15, 2023. The purpose of the RFI is to help the CFPB and policymakers understand the current state of business practices and assess whether data brokers are covered by the Fair Credit Reporting Act (FCRA) and other statutory authorities. The CFPB is specifically interested in identifying any instances of consumer harm or market abuses, including those that Congress originally identified in passing the FCRA in 1970.

The CFPB's RFI signals a potential to engage in rulemaking to cover data brokers, as Director Rohit Chopra expressed concern over data surveillance practices and the monetization of sensitive consumer data. The RFI considers data brokers to be firms that collect, aggregate, sell, resell, or license consumers' personal information or otherwise share it with other parties. The CFPB is requesting information about first-party and third-party data brokers on the types of data they collect, the sources they rely on, and the controls they implement to ensure the quality and accuracy of the data.

Comments are due on or before June 13, 2023.

Background

Since the FCRA's enactment in 1970, companies using business models that sell consumer data have emerged with the growth of the internet and advancements in technology, and they may not be covered by the statute. Therefore, the CFPB is seeking to assess whether the FCRA and other statutory authorities reflect the market realities of data brokers.

The FCRA, enacted in 1970 and amended since then, established rules to govern the practices of "consumer reporting agencies." The law includes a prohibition on using or sharing certain personal data outside of permissible purposes set by Congress; a requirement that consumer reporting agencies follow reasonable procedures to ensure the accuracy of consumer reports; a right of consumers to obtain consumer reports about themselves; and a process for consumers to challenge inaccurate data in the consumer reporting agencies' files.

Through the RFI, the CFPB is seeking information on both companies that interact with consumers directly (first-party data brokers) and companies that do not have a direct relationship with a consumer (third-party data brokers). The RFI cites to a Federal Trade Commission report that describes how companies collect information from public and private sources for the purposes of marketing and advertising, combining and analyzing data about consumers to make inferences about those consumers, detecting fraud, verifying a consumer's identity, and providing people search databases, among others.

Rulemaking authority for most provisions of the FCRA was transferred from the FTC to the CFPB with the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the "Dodd Frank Act"). The CFPB also has the authority to enforce the FCRA (with others) and the privacy provisions of Gramm-Leach Bliley Act, and to address unfair or deceptive acts or practices related to the handling of consumer data.

The CFPB is also in the process of writing regulations to implement section 1033 of the Dodd-Frank Act, which provides that, subject to rules prescribed by the CFPB, a covered entity (for example, a bank) must make available to consumers, upon request, transaction data and other information concerning a consumer financial product or service that the consumer obtains from the covered entity. Section 1033 also directs the CFPB to prescribe by rule standards to promote the development and use of standardized formats for information made available to consumers.

Information Requests

The RFI asks for information in two categories: market level-inquiries (22 questions) and individual inquiries (7 questions). The following are some of the questions that the CFPB asked:

  • What types of data, including data that are financial in nature, do data brokers collect, share, or derive marketable insight from?
  • What sources do data brokers rely on to collect information? What technological components (e.g., tracking scripts, web-based plug-ins, pixels, or software development kits) facilitate brokers' collection of data?
  • What types of information do data brokers receive from financial institutions?
  • Does the nature of data brokers' collection of information related to consumer preferences and behaviors influence consumer purchasing patterns or levels of indebtedness? Does consumer data collected by data brokers facilitate a less competitive marketplace or more expensive financial products for consumers?
  • Are data brokers sharing information about particular groups of people, including protected classes?
  • What controls do data brokers implement to ensure the quality and accuracy of data they have collected?
  • What actions can people take to gain knowledge or control over data, or correct data, that are collected or shared about them?

The RFI also solicits information from individuals about their direct experiences with data brokers.

For a complete list of questions, see the RFI.

Related Articles

Four Cybersecurity Law Issues for Financial Services to Track in 2023

FCC Proposes Rule to "Close the Lead Generator Loophole," with Business-Changing Ramifications

CFPB Weighs in on Data Security; Will Firms with Poor Security Be in the Crosshairs?

Consumer Financial Services Outlook 2023

CFPB Seeks Information on "Consumer-Permissioned Access" to Financial Data

Related Services

Industries

Related Insights

A Fall of Fees: CFPB and FTC Announce New Efforts to Fight Alleged “Junk Fees”
A Fall of Fees: CFPB and FTC Announce New Efforts to Fight Alleged “Junk Fees”

October 13, 2023

9min
The CFPB Joins the FTC on Negative Option Marketing and Dark Patterns in New Circular
The CFPB Joins the FTC on Negative Option Marketing and Dark Patterns in New Circular

January 30, 2023

4min
CFPB Warning to Consumer Financial Services Digital Marketing Providers
CFPB Warning to Consumer Financial Services Digital Marketing Providers

August 12, 2022

6min
View More

Events

Consumer Financial Services Legal and Regulatory Update at the FCAA 2024 Annual Conference
Consumer Financial Services Legal and Regulatory Update at the FCAA 2024 Annual Conference

May 01 - 03, 2024 New Orleans, LA - Financial Counseling Association of America (FCAA)

Smarter Faster Payments 2024
Smarter Faster Payments 2024

May 06 - 09, 2024 NACHA

Register for the Event

Recent News

Venable Pro Bono Team Achieves Prisoner Release Under DC's Incarceration Reduction Amendment Act
Venable Pro Bono Team Achieves Prisoner Release Under DC's Incarceration Reduction Amendment Act

April 23, 2024

5min
American University Washington College of Law Alumni Association to Present Claudia Lewis with the Joseph H. Hairston Award on April 20
American University Washington College of Law Alumni Association to Present Claudia Lewis with the Joseph H. Hairston Award on April 20

April 19, 2024

1min
WAVe Presents: A Supreme Court Outlook and the Legacy of Ruth Bader Ginsburg
WAVe Presents: A Supreme Court Outlook and the Legacy of Ruth Bader Ginsburg

April 19, 2024

4min
View More