.svg)
The US consumer protection watchdog is seeking input on strengthening measures to prevent what it says is "harmful surveillance" in digital payments, particularly those offered through large technology platforms.
The Consumer Financial Protection Bureau (CFPB) is inviting public feedback on ways to enhance privacy protections and curb financial surveillance in digital payment systems, particularly those offered by large technology companies.
Stakeholders are now being encouraged to respond to the consultations, which aim to better apply existing laws to emerging payment technologies, while at the same time addressing increased concerns about excessive data collection and personalised pricing.
This is the latest in a series of recent efforts by the CFPB, such as finalising rules mandating big tech companies' compliance with consumer financial laws and proposed measures to restrict data brokers from selling sensitive financial information.
The regulator has also recently published research highlighting gaps in state data privacy laws for financial institutions, and sought feedback from gamers and parents on video game payment mechanisms.
“When people pay for their family expenses using new forms of digital payments, they must be confident that their transactions are not tainted by harmful surveillance or errors,” said CFPB director Rohit Chopra.
“The CFPB is seeking public input on how to apply longstanding consumer and privacy protections to new and emerging payment mechanisms.”
Consumer payment data and privacy issues
In particular, the CFPB is seeking input on how companies collect, use and share personal financial data obtained from digital payments.
According to the regulator, research indicates that platforms often collect more data than necessary for transactions, potentially combining it with other personal information like location and browsing history.
Such practices raise concerns about personalised pricing based on individual consumer profiles, and appropriate, modernised protections may not be in place.
For example, current financial privacy regulations, primarily the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA), rely on opt-out mechanisms that critics argue are outdated.
Meanwhile, a recent Government Accountability Office (GAO) report highlighted consumer unawareness of privacy risks, noting that existing industry practices may not sufficiently protect users in the digital age.
Public comments are being sought on improving regulations, including privacy notices, opt-out options and routine data monitoring, and the deadline for comments is April 11, 2025.
Emerging digital payment mechanisms
The CFPB has also proposed an interpretive rule to clarify how the Electronic Fund Transfer Act (EFTA) applies to newer payment technologies.
The rule aims to ensure consumers can dispute errors or fraud in digital payment systems, such as video gaming currencies, big tech payment apps and stablecoins.
“The payment systems on these gaming platforms have rapidly evolved,” the interpretive rule says.
“Rather than relying on a business model in which players make a one-time payment to buy or play the game, some gaming platforms have developed elaborate economies where the platforms accept U.S. dollars in exchange for virtual currency that can be transacted among players and other platform participants, and even exchanged back to U.S. dollars in certain circumstances.”
The proposed rule seeks to provide consistency in consumer protections while supporting industry innovation, and comments on this rule are due by March 31, 2025.
