CFPB Begins Process to Develop Regulations on Personal Financial Data Rights
The CFPB released an outline of proposals and alternatives it is considering for a new rulemaking on consumers’ financial data rights.
Section 1033 of the Dodd-Frank Act authorizes the CFPB to develop regulations which would require financial services companies, upon the request of a consumer, to provide the consumer with certain types of information which the company possesses about the consumer. This can include information relating to the consumer’s transactions, accounts, costs, charges, and usage activity.
Among other things, access to this data is supposed to make it easier for consumers to transfer their business from one financial services company to another if they are unsatisfied with their current one. In turn, this would, in the CFPB’s view, spur competition and enhance consumer options.
Issues addressed in the outline for the new rulemaking include the following:
- The CFPB expects that the new rule would initially cover institutions that provide consumer funds-holding accounts, credit card issuers, and entities which issue access devices like digital credential storage wallets or which provide electronic funds transfer services.
- The regulations would allow the data to be released to the consumer, as well as the third parties (such as other financial services providers) authorized by the consumer.
- The CFPB is considering whether and to what extent to place collection, use, and retention limits on authorized third-parties who receive the data.
- The CFPB is evaluating what technical requirements or standards will be used to make the data available and accessible, as well as requirements related to data security, data accuracy, dispute resolution, and record retention.
The CFPB is seeking comments from small businesses, as well as other interested parties, about the new rulemaking, by January 25, 2023. The agency anticipates that it will release the proposed regulations in 2023.