CFPB concerned financial services are cashing in on personal data

The Consumer Financial Protection Bureau (CFPB) has recently published a report examining state and federal privacy protections for consumer financial data and has found it lacking.  

Following analysis of the state and federal privacy laws, many of which exempt data and/or institutions that are subject to the federal Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA), the CFPB concludes that states should consider removing or narrowing the GLBA and FCRA exemptions in their privacy laws. This would provider stronger protections over consumer financial data. 

As consumers use technology products more to manage their financial data, the report highlights the importance of privacy. The CFPB views consumer financial data as particularly sensitive information, and therefore financial companies have access to create “unprecedented opportunities for companies to collect large quantities of various types of data concerning Americans’ economic lies and behaviors.” 

However, this data is important to financial institutions and technologies companies, as it enables more effective advertising and product improvement and development. This demand for data has the CFPB concerned, as it “creates new opportunities for scammers and… can enable manipulative business practices.” 

Let’s consider the report in a little more detail and what it means for both consumers and financial institutions…   

CFPB Report key findings:

• Exemptions in state laws: Many state privacy laws exempt data and institutions covered by federal laws like the GLBA and the FCRA, which the CFPB believes leaves gaps in consumer protection. 

• Sensitive nature of financial data: The CFPB emphasizes the sensitivity of consumer financial data and the increasing use of technology to manage this data, which creates opportunities for data collection and potential misuse. 

• Recommendations: The CFPB suggests that states should reconsider these exemptions to provide stronger, more comprehensive privacy protections. 

• Impact on financial institutions: The report is not legally binding but serves as a strong recommendation for states to enhance their privacy laws to better protect consumer financial data. 

Are banks cashing in on financial data?

The report highlights the emerging trend from banks and finserv institutions making money from consumer’s financial data via advertising or marketing.  

One of the most notable examples is Chase Media Solutions, which uses customer transactional data and buying habits to display individual’s relevant retailer offers. 

This new business model is largely a by-product of the (slow) depreciation of third-party cookies, as organizations and marketers alike seek new ways to generate revenue. In many ways, it makes sense – financial institutions have a wealth of knowledge on how individuals spend money and unique preference insights.  

But the caveat is always trust and transparency.  

How do consumers feel about their data being used in this way and are they being given clear choices to opt in or out of such services? At least with the Chase example, they are not sharing personal information with third parties, simply using it on their own platforms.    

The CFPB Director Rohit Chopra notes: “Consumers should have meaningful choice and an expectation of privacy about how their financial data is used, but large companies are increasingly harvesting and monetizing this sensitive data in mysterious ways.”  

Once again, this brings the privacy vs. personalization debate to the table. Almost half of consumers (48%) say that a lack of personalized content sways them to opt-out from brand communications, with US consumers 25% more likely than those in Europe to say this.  

However, 68% of consumers would like the ability to control the types of data collected; they want to be able to say no about their personal data being used for secondary purposes and have their wishes respected.  

Arguably, people may feel more strongly about their financial data being shared or used in specific ways. So financial services must tread carefully, or risk not only the wrath of regulations but of losing consumer trust.   

The importance of consent and data transparency

Whilst the CFPB report is not legally binding and the legislation may not exist yet, financial services can take proactive steps to safeguard consumer data at a higher level. 

It’s crucial for financial institutions to prioritize collecting explicit consent from consumers regarding their data usage. Transparency about how data will be used is not just a regulatory requirement but a cornerstone of building trust. Consumers need to be fully informed about what data is being collected, how it will be used, and who it will be shared with. They’ll be more likely to share data as a result.  

Moreover, the technology employed by financial institutions must be capable of managing consent and preferences at a granular level. This means having systems in place that can handle detailed consent management, ensuring that consumers’ choices are respected and adhered to across all platforms and services. 

By leveraging advanced technology to manage data granularity at scale, financial institutions can provide personalized services while maintaining the highest standards of privacy and trust. This approach not only aligns with regulatory expectations but also meets consumer demands for greater control over their personal information. 

Ultimately, the balance between personalization and privacy hinges on clear communication and advanced technological solutions that empower consumers to make informed decisions about their data.