.svg)
A new report from the US Consumer Financial Protection Bureau (CFPB) argues that current data laws are not sufficient to deal with financial data innovations.
The report highlights critical gaps in state data privacy laws that leave consumer financial information vulnerable.
According to the report, states have enacted 18 new data privacy laws since 2018, empowering consumers with rights such as correcting inaccurate data or limiting data collection.
However, all of these laws exempt financial firms if they fall under federal rules, meaning consumers can exercise fewer rights over their financial data than other types of personal information.
“Consumers should have meaningful choice and an expectation of privacy about how their financial data is used, but large companies are increasingly harvesting and monetizing this sensitive data in mysterious ways,” said CFPB director Rohit Chopra.
“Given the exemptions in state law when it comes to this personal data, consumers lack fundamental protections for their financial privacy,” he warned.
Key findings
The CFPB report reveals a growing trend of financial companies generating revenue from consumer data through partnerships with third-party advertisers and marketers.
By collecting detailed information on users’ incomes, expenses and account balances through digital banking platforms and payment apps, these institutions are capitalising on sensitive financial data.
This approach has raised concerns about privacy, given that consumers may not be aware of just how extensively their personal information is being used for profit.
Although federal privacy laws such as the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA) were enacted to safeguard financial data, the CFPB’s report argues that these protections have significant limitations in the current data-heavy landscape.
In practice, these laws offer only partial privacy coverage and may fall short in shielding consumers from increasingly pervasive data collection practices.
The CFPB says that several states in the US have enacted new privacy laws that grant consumers greater control over personal information, such as the right to correct inaccuracies or restrict data collection.
However, exemptions for financial data mean that these rights do not apply to banks or other financial entities already regulated by federal law, which is leaving consumers in states with otherwise strong privacy protections without equivalent rights over their financial information.
To address these gaps, the CFPB is urging state policymakers to reconsider these exemptions and strengthen protections around financial data, especially where federal laws may be lacking.
Its report suggests that reassessing these carveouts could provide consumers with more comprehensive privacy rights and ensure that financial data is safeguarded as rigorously as other personal information.
