The CFPB wants to rein in data brokers

The Consumer Financial Protection Bureau (CFPB) is proposing new regulations aimed at holding data brokers accountable under the Fair Credit Reporting Act (FCRA). CFPB Director Rohit Chopra outlined the agency’s intentions to ensure greater accountability for companies involved in buying and selling consumer data, aligning with President Joe Biden’s executive order from February.

Key points from Chopra’s speech and the proposed regulations include:

1. Definition of Data Brokers: The CFPB is considering defining data brokers that sell certain types of data as “consumer reporting agencies,” subjecting them to compliance with the FCRA. This move would regulate the sharing of specific kinds of data, such as credit reports, and restrict it to purposes outlined in the law, like employment or extending lines of credit.
2. National Security Concerns: Chopra emphasized the national security implications of data brokerage, citing high-profile data breaches like the Anthem, Equifax, and Marriott incidents. He highlighted the risks posed by foreign adversaries obtaining Americans’ personal data, framing the issue as a matter of safety and security.
3. Legal Data Brokerage: Chopra pointed out that beyond headline-grabbing hacks, legal data brokerage poses a pervasive threat. Data brokers can legally sell detailed personal information to anyone willing to pay for it, raising concerns about the potential misuse of such data by foreign intelligence services and other entities.
4. Foreign Access to Data: Chopra noted that data brokers can sell data to countries of concern or entities controlled by them, potentially allowing foreign intelligence services to access detailed personal information about Americans. This access raises concerns about surveillance and blackmail targeting individuals.
5. Legislative Response: In response to these concerns, the House passed the Protecting Americans’ Data from Foreign Adversaries Act, which aims to prohibit data brokers from selling personally identifiable information to entities controlled by foreign adversaries. The bill would impose penalties on data brokers selling sensitive information to certain countries.
6. Government Use of Data Brokers: Chopra highlighted how government agencies, including the Department of Homeland Security, rely on data brokers for surveillance purposes. This underscores the need for regulation and oversight to protect individuals’ privacy and civil liberties.

Overall, the proposed regulations and legislative efforts reflect growing concerns about the potential misuse of consumer data by both domestic and foreign entities. The focus on national security underscores the urgency of addressing these issues to safeguard individuals’ privacy and security in an increasingly data-driven world.