CFPB's Chopra: More Regulation On Data Surveillance Or US Risks Becoming China

October 11, 2023
Back
The Consumer Financial Protection Bureau (CFPB) is exploring a series of regulatory actions to address excessive data surveillance by payment platforms, director Rohit Chopra said warning the US may turn into a China-like market if platforms are left unchecked.

The Consumer Financial Protection Bureau (CFPB) is exploring a series of regulatory actions to address excessive data surveillance by payment platforms, director Rohit Chopra said warning the US may turn into a China-like market if platforms are left unchecked.

“I am fearing that the US is lurching toward a consolidated market structure, like the one that has emerged in China, that blurs the line between payments and commerce and creates the incentives for excessive surveillance and even financial censorship”, Chopra said at a conference held by the Brookings Institution last Friday (October 6).

Chopra raised concerns about non-bank payment platforms, such as Apple and Google, increasingly getting engaged in bank-like activities, which “naturally” creates a “strong incentive” for them to monitor all aspects of a consumer’s transaction.

Matching payments information with data on geolocation or browsing history, for example, may allow a firm to develop personalised pricing algorithms for e-commerce transactions or increase engagement with behavioural advertising.

However, according to the CFPB director, looking at market developments in other economies may cause even more worry.

“Indeed, there has been concern both in the US and abroad about the relationship between Chinese technology giants and government entities, including with respect to the sharing of sensitive data.”

“Given the massive scale that payment firms and technology giants can amass, these can also raise alarm bells regarding private financial censorship,” Chopra stressed.

Chopra was pointing at PayPal’s controversial move last October to start penalising and blocking user accounts if they engage in conduct of its disliking, such as spreading misinformation about COVID-19 vaccines.

PayPal quickly walked back on the idea after serious public backlash but the move drew regulators’ attention to the issue of private financial censorship, including in some EU member states and in the UK.

Chopra said that, as each of these firms controls the regulation of its payment systems, they could decide to block users even if they are not in breach of federal or state laws.

He confirmed that the CFPB has also been studying how these firms decide “which users get to pay on their platform, and who gets de-platformed and why”.

US shifts from consent-based approach to purpose-based use

Chopra also raised concerns about the efficiency of existing regulatory and legislative safeguards to protect consumers using financial services and products.

While Google and Apple collect and monetise a vast amount of data of their users, sometimes even long after their business purpose warrants it, existing regulations cannot effectively protect consumers, according to the director.

“Regardless of how the companies use the data they collect, the regulations do not appear to commit to meaningful limitations on future efforts to monetise the data,” Chopra said.

In the absence of federal data protection legislation and an open banking framework, financial data handling in the US is largely regulated by the Gramm-Leach-Bliley Act, which generally requires financial institutions to explain their information-sharing practices to their customers.

According to Chopra, there is a “very broad” consensus in the US that the notice and consent framework embroiled in the Gramm-Leach-Bliley Act “doesn’t work”. 

The act's protections “have totally proven to be insufficient", Chopra said.

Instead, the US is now moving toward “permissible purpose” restrictions and limitations on use.

This shift will be reflected in the agency’s upcoming open banking proposal later this month, Chopra added, which will include use restrictions and draw the line on which purposes data can be used for.

Laying out the agency’s forthcoming data protection actions, Chopra said the CFPB will issue supplemental orders to certain large technology firms to better understand their business practices and plans.

The agency is also exploring providing additional guidance on errors, hacks and unauthorised transactions and will look at its existing powers to examine non-bank payment platforms.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

Opt in to hear about webinars, events, industry and product news

To find out more about Vixio, contact us today
No items found.