CFPB seeks input on data broker businesses
On March 15, the CFPB issued a Request for Information (RFI) seeking public input on data broker business practices in order to inform planned rulemaking under the FCRA and help the agency understand the current state of the industry. “Modern data surveillance practices have allowed companies to hover over our digital lives and monetize our most sensitive data,” CFPB Director Rohit Chopra said in the announcement. He added, “[o]ur inquiry will inform whether rules under the [FCRA] reflect these market realities.” The Bureau explained that the FCRA—which covers data brokers such as credit reporting companies and background screening firms, as well as parties who report information to these firms—provides several protections, including accuracy standards, dispute rights, and restrictions on how data can be used. The RFI seeks feedback on business models and practices used by the data broker market, including information about the types of data being collected and sold and the sources data brokers rely upon. In particular, the Bureau seeks information on consumer harm and market abuses, and wants to understand “whether companies using these new business models are covered by the FCRA, given the FCRA’s broad definitions of ‘consumer report’ and ‘consumer reporting agency.’” The Bureau stated it is also interested in learning about consumers’ direct experiences with data brokers, including when consumers try to remove, correct, or regain control of their data. Comments on the RFI are due by June 13.