CFPB Looks To Restrict The Sleazy Link Between Credit Reporting Agencies And Data Brokers (original) (raw)

from the finally-got-around-to-doing-the-bare-minimum dept

For a long while now, we’ve pointed out how the privacy hyperventilation over singular threats like TikTok are a huge distraction from the fact Congress is simply too corrupt to pass even a baseline privacy law for the internet era. Or regulate the massive number of dodgy data brokers that buy, sell, and trade in vast troves of consumer data without much in the way of competent oversight.

Not everybody in Washington is quite so corrupt and feckless, however.

Back in March, the Consumer Financial Protection Bureau (CFPB) announced that it would be taking a long overdue look at the way credit reporting agencies share sensitive consumer financial data with data brokers.

This week, the agency stated it would be crafting new rules that would extend the Fair Credit Reporting Act to cover the data broker and credit reporting agency interchange, restricting precisely how and where such data can be collected, traded, or sold:

The push could also see new restrictions on the sale of personal information such as Social Security numbers, names and addresses, which the CFPB said data brokers often buy from the major credit reporting bureaus to create their own profiles on individual consumers.

Issued under the Fair Credit Reporting Act, the regulations would seek to ensure that data brokers selling that sensitive information do so only for valid financial purposes such as employment background checks or credit decisions, and not for unrelated purposes that may allow third parties to use the data to, for example, train AI algorithms or chatbots.

New rules are one thing. Embattled, understaffed, and underfunded consumer protection agencies enforcing them at scale will be something else entirely. Still, progress is progress.

According to Politico, comments by CFPB boss Rohit Chopra will be the first time the Biden administration has directly addressed data brokers, which is pretty wild given the post-Roe concerns on this front:

DC has spent the last three years hyperventilating about a single app — TikTok — over supposed concerns that the data could be abused by the Chinese government. At the same time we’ve done absolutely fuck all about the vast, privacy-stomping data broker industry that collects huge troves of sensitive U.S. consumer data, then sells “anonymized” (a completely meaningless term) access to any idiot with a nickel.

Including Chinese intelligence.

Despite a lot of rhetoric about how “regulating privacy is hard,” or doing too much could have unforeseen consequences, the reality is the U.S. government hasn’t even done the bare minimum on privacy for two reasons. One, the dysfunction is immensely profitable. Two, the entire mess has provided the government with a handy way to avoid having to get warrants (especially on the location data front).

While industry and the “my relentless, unethical greed should face absolutely no restrictions from government” folks would very much like to see the 12-year old CFPB demolished, the agency clearly has a very beneficial purpose, and their actions here are very much overdue. Now, if it wouldn’t be too much trouble for Congress to get off its ass and pass a meaningful, simple, internet-era privacy law.

Filed Under: cfpb, consumer protection, credit reporting, data brokers, fcra, privacy, security