InfoBytes Blog
CFPB’s Chopra discusses Personal Financial Data Rights rule
On October 23, CFPB Director Rohit Chopra released prepared remarks about the CFPB’s recent finalization of the Personal Financial Data Rights rule (the Rule) under Section 1033. The Bureau believes the Rule would give consumers greater control over their financial data. As previously covered in an Orrick insight, discussed on the RegFi Podcast, and briefed on InfoBytes, the CFPB mandated that financial institutions under the EFTA, credit card issuers under TILA, and other financial services providers such as digital wallet providers (collectively “data providers”) would make covered data available to consumers and third parties in a standardized format.
The Rule would also allow consumers to authorize third parties to obtain data on their behalf, require these third parties to adhere to federal data security requirements, and seek to discourage the practice of “screen scraping.” Authorized third parties must minimize the data they collect, secure it and delete it upon consumer revocation. They would also be prohibited from obtaining permanent authorization to obtain consumers’ data.
The Rule would allow banks and fintech companies to deny third party data access requests if the requesting company does not meet minimum standards, such as proving consumer authorization and disclosing their legal entity identifier. Furthermore, the Rule would impose significant limitations on how companies can use consumer data, restricting its use to the specific product or service requested by the consumer and forbidding unrelated reuse of the data. According to CFPB Director Chopra, these measures collectively aim to enhance privacy and security in financial markets, countering the trend toward surveillance pricing. As an example, the CFPB noted how a rideshare company could use financial data to charge higher prices after a consumer receives his or her paycheck.