News

CFPB Abandons Data Broker Rule, Raising Privacy Concerns

7508
15
May

In a move sparking controversy, the Consumer Financial Protection Bureau (CFPB) has withdrawn a proposed rule aimed at shielding Americans from the often unseen world of data brokers. This decision effectively halts efforts to regulate the sale of sensitive personal information, including financial data, credit history, and Social Security numbers.

The now-abandoned rule, initially proposed in December under former director Rohit Chopra, sought to ensure data brokers obtained explicit consent before selling or sharing Americans’ personal data. Chopra had argued the regulations were vital to combatting commercial surveillance practices that endangered both personal safety and national security.

However, the CFPB, under acting director Russell Vought, quietly retracted the proposal, stating in a Federal Register notice that the rule was no longer deemed “necessary or appropriate.” Vought cited “updates to Bureau policies” and the agency’s ongoing review of the Fair Credit Reporting Act (FCRA) as reasons for the withdrawal.

Data brokers operate in a largely unregulated, multi-billion dollar industry, collecting and selling vast amounts of personal information without individuals’ awareness or consent. These companies compile detailed profiles encompassing everything from location history and political affiliations to religious beliefs, often reselling this data for various purposes, including marketing and law enforcement surveillance.

Critics argue that the CFPB’s decision leaves Americans vulnerable to potential harm. Sean Vitka, executive director of Demand Progress, stated that the withdrawal ensures Americans will continue to be targeted by scams and that military members and their families remain susceptible to espionage and blackmail.

The move has also drawn fire from privacy advocates who believe the FCRA should be used to regulate the data broker industry. Common Defense, a veteran-led non-profit, previously warned the CFPB about the risks data brokers pose to service members, who are particularly vulnerable to blackmail and targeting by hostile foreign actors.

A 2023 study funded by the US Military Academy at West Point highlighted the national security threat posed by the data broker ecosystem, noting the availability of sensitive personal data that could be used to coerce, damage reputations, and blackmail high-level targets, including military personnel.

Naveed Shah, political director of Common Defense and an Iraq War veteran, condemned the withdrawal, accusing Vought of prioritizing data broker profits over national security. He urged the administration to reverse course and enact the privacy protections.

Recent investigations have revealed the ease with which data brokers collect and sell information that can be used to track military and intelligence personnel, even near sensitive installations. Reports also indicated that US data brokers were using Google’s ad-tech tools to sell access to data linked to military service members and national security decision-makers, a vulnerability that foreign adversaries could exploit.

Caroline Kraczon, law fellow at the Electronic Privacy Information Center, expressed disappointment with the decision, calling it an “attack in the administration’s war against consumers on behalf of corporate interests.”

The CFPB’s decision follows a period of significant staff reductions, raising concerns about the agency’s capacity to protect consumers. The agency had already terminated the positions of 1,400 of its employees and is now under even more scrutiny.

Related Articles

Ngoc Vy

Ngoc Vy is a tech journalist specializing in artificial intelligence, emerging technologies, and their societal impact. She combines technical rigor with on-the-ground coverage of Vietnam’s startup ecosystem, from AI ethics debates to gov-tech adoption. Ngoc Vy is also passionate about bridging the gender gap in STEM journalism.