CFPB to withdraw rule targeting data brokers – CyberScoop
The Consumer Financial Protection Bureau is set to withdraw a Biden-era rule aimed at cracking down on data brokers and their selling of Americans’ personal and financial information.
In a notice set to publish Thursday in the Federal Register, the CFPB said legislative rulemaking on the data broker industry “is not necessary or appropriate at this time,” and the agency does not plan to “take any further action” on the proposal. The notice was issued by Russell Vought, acting director of the agency, head of the Office of Management and Budget and a Project 2025 architect.
The withdrawal of the rule, which was first reported by Wired, comes after President Donald Trump’s initial nominee to lead the CFPB signaled to Congress in February an openness to continuing Biden administration data-broker rules.
Jonathan McKernan, a former Treasury Department and Federal Housing Finance Agency staffer, told the Senate Banking Committee that Rohit Chopra — President Joe Biden’s CFPB director — “was onto something” with his policies targeting data brokers and data aggregators.
“And I think it’s important that we — both in the regulated space and then the rest of our elected officials — continue to focus on this,” McKernan, a former Federal Deposit Insurance Corp. board member, said at the time. “As these entities are collecting more and more data and the analytics get more and more powerful, there’s some real policy issues here.”
Though McKernan’s CFPB nomination advanced out of committee, he never received a full Senate vote and has since been nominated to serve as the Treasury Department’s undersecretary of domestic finance. The New York Times reported last week that McKernan’s CFPB nomination will be dropped.
Chopra had introduced the data-broker rule last December, part of an agency effort to limit the sale of Social Security numbers, phone numbers and other identifying information collected by some companies. The rule would have classified data brokers as consumer reporting agencies under the Fair Credit Reporting Act, locking the industry in to certain accuracy and compliance standards.
The CFPB’s withdrawal notice took particular issue with the rule’s focus on the Fair Credit Reporting Act, saying that the proposal was “not aligned with the Bureau’s current interpretation of the FCRA, which it is in the process of revising.” Other related policy objectives have also changed, the notice stated.
The agency also cited “numerous concerns” about the rule raised in public comments, specifically regarding the CFPB’s statutory authority and its “propriety under the plain text of the FCRA.” More than 600 comments were submitted on the rule.
“When and if the Bureau determines it necessary to issue a rule implementing the relevant definitions and provisions of the FCRA, it will propose a new rule and seek public comment thereon,” the notice said.
Industry groups were largely opposed to any Biden-era rules governing data brokers, especially one that barred the selling of bulk sensitive information to adversarial foreign entities. Chopra frequently made the case during his time leading the CFPB that the misuse of personal data was a national security issue.
Naveed Shah, political director of the veteran-led grassroots group Common Defense, said in a statement that the rule protected Americans’ privacy and personal data “from exploitation,” ensuring that data brokers followed the same rules as companies that handle sensitive financial data.
“Without it, data brokers can continue profiting by selling personal information to unscrupulous actors, including scammers and foreign governments, putting millions at risk,” Shah said. “The decision prioritizes corporate profits over the safety and security of individuals, including vulnerable groups like servicemembers and veterans.”
Matt Schwartz, policy analyst at Consumer Reports, said in a statement that the decision to drop the data-brokers rule is the latest in a series of Trump administration moves to “abandon the CFPB’s critical mission to protect consumers.”
“Data brokers collect a treasure trove of sensitive information about virtually every American and sell that information widely, including to scammers looking to rip off consumers,” Schwartz said. “Dropping these proposed limits will leave consumers unprotected and make it more likely that sensitive information like their Social Security numbers will wind up in the hands of crooks.”
Ridhi Shetty, senior policy counsel for the Center for Democracy & Technology’s Privacy & Data Project, echoed those concerns, saying in a statement that the rescission of the rule cuts against the CFPB’s post-financial crisis mission of “tackling companies’ misuse of people’s private data.”
“The agency’s proposed rule to address data broker practices was a critical step toward reining in an industry that vacuums up and monetizes people’s most personal information,” Shetty said. “Rescinding that proposed rule does a disservice to consumers, and exposes them to predatory financial offers, fraud, identity theft, and threats to their personal safety.”
The CFPB under the Trump administration has been targeted early and often, with Vought ordering agency staffers to stop their work and Elon Musk dispatching DOGE on the bureau while calling for its death. The Associated Press reported in March that 90% of the CFPB’s staff had been cut.
The post CFPB to withdraw rule targeting data brokers appeared first on CyberScoop.
–
Read More – CyberScoop