CUNA joined other trade groups Tuesday in filing a petition with the Consumer Financial Protection Bureau (CFPB) calling for a rulemaking to strengthen privacy and security of consumer data held by fintechs, tech companies, and data aggregators. The is the first time CUNA has used the CFPB petition process that was updated in February.

The CFPB is currently engaged in a rulemaking regarding section 1033 of the Dodd-Frank Act, which establishes standards for the sharing on consumer financial data.

“We believe the CFPB should ensure that data aggregators and data users that are larger participants in the aggregation services market – not just banks and credit unions – are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information,” the letter reads.

“By the nature of their business, data aggregators hold a tremendous amount of consumer financial data. It is estimated that data aggregators hold the consumer log-in credentials for tens of millions of customers,” it adds. “While consumers may consent to the sharing of their financial data, many of these same consumers are unaware of the activities in which these intermediaries engage, how the information is being collected, and how the data may be used or shared.”

CUNA requested the following specific rulemaking actions:

• Propose and adopt—through notice and comment rulemaking—an amendment to the regulation defining larger participants of certain consumer financial product and service markets by adding a new section to define larger participants of a market for aggregation services.
• Define the term “aggregation service” as a “financial product or services” for purposes of Title X of the Dodd-Frank Act.