.svg)
The US Consumer Financial Protection Bureau (CFPB) has asked industry stakeholders to provide feedback on strengthening measures to prevent "harmful surveillance" in digital payments, particularly those offered through big tech platforms.
The financial watchdog is aiming to better apply existing laws to emerging payment technologies, as well as to address growing concerns about excessive data collection and personalised pricing.
It wants to hear views on ways to enhance privacy protections and curb financial surveillance in digital payment systems.
The regulator is looking for feedback on improving regulations, including privacy notices, opt-out options and routine data monitoring.
The initiative is permitted by the Personal Financial Data Rights Rule enacted under Section 1033 of the Consumer Financial Protection Act (CFPA), which aims to ensure robust consumer data protections while facilitating seamless financial transactions.
The deadline for comments is April 11, 2025.
Key considerations
The CFPB is seeking input on how companies collect, use and share personal financial data obtained from digital payments.
It says that research shows platforms routinely collect more data than is necessary for transactions, and may combine it with other personal information such as location and browsing history.
The regulator is looking to clamp down on practices such as personalised pricing based on individual consumer profiles.
It is also worried that US consumers are not sufficiently aware of the privacy risks inherent in the use of big tech platforms for payments and other purposes.
The watchdog fears that existing industry practices do not provide consumers with the appropriate level of protection and is considering the need for more suitable, modern regulation.
Why should you care?
On the one hand, the CFPB’s request for feedback on ways to strengthen measures to protect US consumers from harmful surveillance by big tech providers could be a significant step in the way such organisations are regulated and held to account.
On the other hand, there is a considerable question mark over what is to become of the CFPB itself under the incoming Trump administration and whether it will be in a position to follow through on its various plans, including those relating to big tech.
The regulator seems keen to apply existing privacy and consumer protections laws to emerging digital payments offered through big tech, as well as stablecoins and other cryptocurrencies.
If it proves to be the case that the CFPB can pursue its agenda, social media networks and crypto providers will need to adapt their ways of working to the tighter rules previously applied to more traditional payments organisations.
However, the prominence of tech founders at President Trump’s inauguration and the number of nominees for key roles in the new administration who come from the fintech space suggest that big tech companies have little to fear from the CFPB in the near future.
So far, jurisdictions other than the US have been more inclined to seek to regulate the big tech players.
In Summer 2024, for example, the European Commission’s competition authority elicited commitments from Apple regarding the use of near-field communication (NFC) in payments — a significant and hard-fought victory.
The four-year battle indicated the authority’s willingness to challenge the tech giant on its conduct in the payments space, and led to Apple opening the use of NFC to third-party providers for the first time.
In the UK, meanwhile, in July 2024, the Payment Systems Regulator (PSR) and the Financial Conduct Authority (FCA) issued a joint call for information, aiming to identify the benefits and risks of using digital wallets.
They are due to report back in Q1 2025, and if the call for information yields evidence of anti-competitive practices, the regulators will likely seek to clamp down on the big tech providers.
