Proposals aim to give consumers more control over their personal financial data and make it easier to switch to other financial providers
WASHINGTON, D.C. – In a comment letter filed with the Consumer Financial Protection Bureau, Consumer Reports called on the agency to adopt strong rules that protect consumers’ privacy and prevent their data from being shared without rigorous informed consent. The CFPB is considering options for a proposed personal financial data rulemaking as required under Section 1033 of the Dodd-Frank Act.
The rulemaking aims to give consumers greater control over their financial information so they can leverage their data to their own benefit. This would enable consumers to more easily move away from companies that provide unsatisfactory products or services and switch to competing financial firms that offer better opportunities.
Consumer Reports comment letter points out. “Permissioned data sharing can help consumers better manage their debt, budget their earnings, and save towards their goals. It can expand access to credit to many creditworthy Americans who are excluded by the credit reporting system’s outdated mechanisms. It can facilitate wealth building and enable the behaviors that contribute to financial well-being. The consumers who are likely to benefit most from permissioned data sharing are those who traditionally have been excluded and underserved by the financial system.”
CR’s letter cautions, however, that these benefits will be undermined if the proposed rules do not include strong consumer protections and oversight by the CFPB. CR called on the CFPB to ensure that its proposed rule include the following:
- Coverage of data providers should be expanded to include Buy Now, Pay Later firms and Earned Wage Access programs.
- Authorization procedures should be modeled on the informed consent protocols prescribed for human subjects research under the Common Rule. These should be specific and tightly enforced.
- Data should be provided in ways that protect consumers’ personal identifying information as well as financial information, and data providers should be prohibited from charging fees for the provision of consumer data.
- Third parties must observe data minimization requirements, provide a way for consumers to revoke authorization, and permit secondary uses on an opt-in basis.
Michael McCauley, email@example.com, 415-902-9537