Newsroom
CFPB’s Chopra outlines plan to rein in data brokers
CFPB Director Rohit Chopra participated in a roundtable at the White House earlier this week and shared an update on the bureau’s efforts to address issues related to data brokers and consumer credit reports, which could impact credit unions and their use of consumer reports.
Chopra explained the bureau is working on two proposals to:
- bring data brokers under the umbrella of the Fair Credit Reporting Act (FCRA) and “would generally treat a data broker’s sale of data regarding, for example, a consumer’s payment history, income, and criminal records as a consumer report, because that type of data is typically used for credit, employment, and certain other determinations. This would trigger requirements for ensuring accuracy and handling disputes of inaccurate information, as well as prohibit misuse,” Chopra said. He added that the bureau plans to publish an outline of proposals and alternatives under consideration for a proposed rule next month, which will then be considered by a Small Business Regulatory Enforcement Fairness Act (SBREFA) panel to help craft a rule. A proposed rule is expected in 2024; and
- clarify whether credit header data, which is primarily identifying information, is a consumer report. This could have implications for the applicability of FCRA rules, such as the permissible purpose restriction.
Chopra also claimed that the large amounts of data required by artificial intelligence (AI) models creates “financial incentives” for increased data surveillance, which could erode individual privacy.
NAFCU last month sent feedback to the bureau on its request for information related to data broker practices. Credit unions rely on data aggregators to understand members better, access alternative data, verify personal information, and detect fraud. The industry complies with strong data security standards to ensure its members remain protected. The association argued the CFPB’s application of the FCRA should not impair credit unions’ access to data, nor increase their regulatory burdens; however, NAFCU has called on the CFPB to subject data aggregators to similar supervision as financial institutions to ensure they are complying with applicable laws.