Trump CFPB Abandons Data Broker Rule Aimed at Decreasing Fraud and Identity Theft
Convergence of Big Tech, Big Banks, and Big Data will create Big Trouble
By Christine Chen Zinner
Earlier this week, the Trump CFPB withdrew the agency’s previously proposed data broker rule, which would have limited how our sensitive and private financial data is collected, used, and sold. With little to no other regulation over data brokers, the withdrawal of this rule will allow companies to collect and sell our private and sensitive financial data to third-party strangers without oversight or accountability.
Data brokers are companies that collect and sell our personal information, often without our awareness or consent. Their inventory for sale can include our name, address, Social Security number, sensitive financial information, purchase history, and other personal information. In recent years, the multibillion-dollar data broker industry has exploded, and in the process, contributed to identity theft and fraud, particularly against older adults and servicemembers.
Data collection happens much more often than most people realize. Data collected can range from our online searches, to which purchases we make, to our public records. We may be forced to agree to sharing data that might be bundled, tracked, and sold just to access an app or a streaming service. And this constant collection and selling can lead to multiple problems.
Researchers have found, for example, that overseas servicemembers’ private and personal information could be purchased for pennies on the dollar. Such third-party sales leave servicemembers particularly vulnerable to fraud and exploitation, and have been deemed a national security risk.
Data collection can lead to unexpected price hikes, as OnStar Smart Drive app users found out when they were surprised with higher auto insurance rates after LexisNexis collected driving data through the same app, without informing anyone. Similarly, the Texas Attorney General alleged that Allstate Insurance-owned data broker Arity unlawfully collected, used, and sold driving data from 45 million people without obtaining their consent. Groups that work with domestic violence survivors have reported on the dangers of data collection and ensuing breaches that might reveal a survivor’s location, despite efforts to hide from their abusers.
To cut down on some of these dangers, the CFPB’s data broker proposal would have limited the sale of personal identifiers, like Social Security Numbers and phone numbers, collected by certain companies. The rule would also have improved privacy by only allowing companies to collect personal financial data that is needed to fulfill their duties, and by prohibiting them from selling this data to third parties for unrelated reasons.
Currently, many banks sell or share personal financial data to third parties like data brokers or other companies for marketing or other purposes. The financial data that banks have on their customers is especially valuable to data brokers because it includes not just purchases but also a deeper level of information like their history of deposits, savings, investment, credit, and more.
The proposal would have also required companies to make sure that sensitive financial data such as income is only shared for legitimate purposes under limited circumstances. If a data broker profits from selling certain sensitive consumer information, they would have been considered a “consumer reporting agency” under the Fair Credit Reporting Act (FCRA), and would need to abide by FCRA requirements to make sure that data they collect is accurate and that they establish strong safeguards against data misuse. And the proposal required that consumers be able to access their own information and data collected by brokers.
As if our current situation were not troublesome enough, the Trump administration unleashed a new threat to data integrity and privacy. Elon Musk’s DOGE has invaded financial regulatory agencies, including the CFPB, and illegally collected sensitive and private data. At the same time, the Trump CFPB is slowly grinding away at the integrity of data that benefits consumers, namely the information collected in its complaint database.
By blocking the path for the Biden-era CFPB’s proposal to become a final regulation, the Trump administration is giving permission for the erosion of our privacy and the security of our financial information to continue. It is allowing financial companies to require us to let them use and sell vast amounts of personal data in order to access basic services, and inviting abuse by data brokers, who can sell sensitive personal financial data to the highest bidder. Throwing out this rule allows data harvesting and sale to proliferate across the economy and our lives.