CFPB finalizes new regulations for consumer privacy

The Consumer Financial Protection Bureau (CFPB) has now finalized new regulations aimed at increasing consumer privacy and control over personal financial data. This rule is designed to give customers greater rights to access and share their financial information securely.

The new rule advances the United States towards a competitive, safe, secure, and reliable open banking system. It marks a significant step by the CFPB to activate Section 1033 of the Consumer Financial Protection Act, a legal authority established by Congress in 2010. This is the CFPB’s first major rule to promote responsible open banking in the U.S., with plans to develop additional rules covering more products, services, and use cases. By enhancing competition, the rule gives consumers more freedom to switch banks or providers and shop for the best deals, encouraging financial institutions to offer better products to attract and retain customers.

Crucially, the rule establishes strong privacy protections. It mandates that personal financial data can only be used for the purposes explicitly requested by the consumer, ensuring that third parties cannot exploit consumer data for unrelated purposes. This move also aims to phase out the risky practice of “screen scraping,” where consumers provide their account passwords to third parties who then access data indiscriminately through online banking portals.

These measures prioritize consumer privacy, ensuring that personal financial information is used securely and responsibly, fostering a safer financial ecosystem.

Key privacy enhancements

1. Data access and sharing: Consumers can now access and share their financial data, including bank accounts, credit cards, and payment apps, with third parties of their choice. This ensures that consumers have control over who can view and use their data.
2. No unauthorized use: The regulations strictly prohibit third parties from using consumer data for purposes other than those explicitly authorized by the consumer. This means that financial information cannot be exploited for unrelated services or marketing.
3. Free data transfers: Financial institutions are required to transfer consumer data to other providers at no cost. This facilitates easier switching between service providers, ensuring that consumers can choose the best options without worrying about hidden fees.
4. Enhanced security measures: The CFPB’s rules include security protocols to protect consumer data from breaches and unauthorized access, helping to maintain the integrity and confidentiality of personal financial information.
5. Revocation of access: Consumers have the right to revoke access to their data at any time, ensuring that they can maintain control over their information and protect their privacy as needed.

The new regulations provide companies with extended timelines to comply, with larger financial technology firms given until 2026 and smaller ones until 2030. This phased approach aims to ensure a smooth transition while prioritizing consumer data privacy.

Data aggregators like Plaid and Akoya, which facilitate connections between banks and financial tech services, welcomed the rule, highlighting its role in promoting the secure transfer of consumer data. They believe these measures will enhance data privacy and security for consumers.

However, not all reactions were positive. Some trade groups expressed dissatisfaction, arguing that the rule could lead to excessive access to consumer data by numerous third parties. Lindsey Johnson, head of the Consumer Bankers Association, criticized the CFPB, claiming it had “contorted” the congressional statute to allow “thousands of third parties” to access consumers’ data.

The CFPB’s new regulations represent a pivotal advancement in consumer privacy and data control within the financial sector. By empowering consumers with greater rights to access and share their financial information securely, these rules pave the way for a more competitive, safe, and reliable open banking system in the United States.

These measures underscore the CFPB’s commitment to fostering a financial environment where consumer privacy is paramount, ensuring that personal financial information is protected and used in ways that benefit consumers.