Financial Protection

Giving consumers more control of their own financial data

CFPB director Chopra
CFPB Flickr account | Public Domain
CFPB Director Rohit Chopra

The CFPB has taken a big step toward giving consumers more financial data rights as it “Kicks Off [a] Personal Financial Data Rights Rulemaking.” In his remarks, Director Rohit Chopra said:

“Dominant firms shouldn’t be able to hoard our personal data and appropriate the value to themselves. The CFPB’s personal financial data rights rulemaking has the potential to jumpstart competition, giving Americans new options for financial products.”

More control means more choices and more data security. To keep customers, banks will need to do a better job — hello, long wait times on hold, nasty surprise fees, credit card interest rates that never go down and savings rates that never go up — that drive consumers crazy.

But current and potential new fintech competitors (some current data aggregators include Plaid, Finicity and Yodlee) and other new financial apps will need to continue to show that they can be trusted with consumer data security, not to use it to discriminate against some consumers, and, most importantly, to provide asset-building opportunities, not simply drain accounts with disguised fees and interest (“optional” tips, really?). Among the issues we and other consumer groups including the National Consumer Law Center raised in coalition comments to the 2020 Advance Notice of Proposed Rulemaking:

“The potential benefits for consumers of authorized data access are significant, but the potential risks are also great. In order to realize the benefits to consumers while minimizing the risks for consumers, the CFPB must issue a strong rule under Section 1033 that include vigorous, substantive safeguards for consumers.”

We also argued that the CFPB should discourage the common aggregator  practice of “screen scraping” and, instead, to:

“encourage financial institutions to accept data sharing through application programming interfaces (APIs), but the Bureau cannot prohibit screen scraping until all consumers at any financial institution have the ability to access their own data through APIs.”

It’s not only banks that will need to do a better job. We also argued that fintechs could use “consumer-authorized data from deposit accounts” to break the Big 3 credit bureau oligopoly and improve credit decision-making.

“…the consumer is not the customer of the credit bureaus; instead, our data is their commodity. Consumers have no control in this system. Our consent is never required to harvest our information and, until the advent of security freezes, we could not even prevent its dissemination.”

PIRG has been involved with the long lead-up to the implementation of Section 1033 of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. For example, I also was an invited panelist at a November 2016 field hearing in Salt Lake City (Director’s Cordray’s opening remarks).

The CFPB is now considering the impact of the proposed rule on small businesses, and has invited comment from the public. Comments are due by July 25, 2023.

See the Campaign

Show More