June 16, 2023, Washington, DC – In response to the Consumer Financial Protection Bureau’s (CFPB) Request for Information (RFI) Regarding Data Brokers and Other Business Practices Involving the Collection and Sale of Consumer Information, FDATA North America submitted comment letter stressing in the strongest possible terms, that third-party providers of financial services that rely on consumer-permissioned data are not data brokers, and therefore should be exempt from any Bureau rulemakings, guidance, or other actions it may consider in the data brokerage space.
We also used this opportunity to further deploy our FDATA Privacy Principles which define customer-directed data as financial data that is collected or shared in accordance with a clear affirmative action by or request from an end user or their authorized agent, rather than data collected passively, such as data that may be collected automatically through pixels or cookies as a consumer navigates through web pages. For data to be considered customer-directed, our principles further assert that the end user must also have full utility over any non-proprietary data element for which a data holder holds about them. And critically, our principles state that the end user must have the ability to opt-out of future use of their data at any time.
Finally, the letter reiterated our long-standing positions that no third party should have access to any financial data element permissioned by a customer that is not required to fuel the use case for which that customer has opted in, and that the CFPB should expand its supervisory authority to cover data aggregators.