.svg)
The US Consumer Financial Protection Bureau (CFPB) has launched an inquiry into companies that track and collect consumer information as it eyes future rulemaking into data brokers.
The agency sent out a request for information (RFI) which will inform the CFPB’s planned rulemaking under the Fair Credit Reporting Act (FCRA).
“Modern data surveillance practices have allowed companies to hover over our digital lives and monetise our most sensitive data,” said CFPB director Rohit Chopra.
“Our inquiry will inform whether rules under the Fair Credit Reporting Act reflect these market realities.”
Data brokers include a wide range of firms that collect, aggregate, sell or otherwise share consumers’ personal information with other parties.
As one of his first actions as CFPB director, Chopra launched an inquiry into how Apple, Google, PayPal, Square and other bigtech firms collect and use personal payments data.
The FCRA provides a range of protections for consumers, including accuracy standards, dispute rights and restrictions on how consumer reporting agencies may use data.
The CFPB now says that the FCRA covers data brokers like credit reporting companies and background screening firms, as well as those who report information to these firms.
“Many companies whose business models rely on newer technologies and novel methods purport not to be covered by the FCRA,” the RFI says.
“These companies are sometimes labelled ‘data brokers,’ ‘data aggregators,’ or ‘platforms,’ but they all share a fundamental characteristic with consumer reporting agencies — they collect and sell personal data,” according to the agency.
As data brokers collect a lot of sensitive personal information, such as genetic and health information, religious affiliation, financial records and geolocation data, the CFPB says there could be a risk of abuse and consumer harm.
For instance, the collection of such data may involve significant privacy and security risks, facilitate harassment and fraud or spread inaccurate information.
“The data broker industry is growing and expanding its reach into new spheres of consumers’ personal lives, as more sophisticated computerisation has increased the power of these companies to track and predict consumer behaviour.”
“Yet, many people lack an understanding of the scope and breadth of data brokers’ business practices,” the CFPB points out.
The agency says the feedback received to the RFI will help the CFPB gain a better understanding of the current state of business practices in this area and ensure that these companies comply with federal law.
The RFI includes 29 broad questions, including whether people are “unknowingly deceived or manipulated into supplying data to data brokers” and whether data collected by data brokers facilitates a less competitive marketplace or more expensive financial products for consumers.
The CFPB also asks stakeholders what specific types of information data brokers receive from financial institutions and whether financial institutions place any restrictions on the use of this data.
Interested parties can submit comments to the agency until June 13.
