CFPB issues draft proposals on consumer financial data sharing

The Consumer Financial Protection Bureau (CFPB) Thursday commenced its rulemaking on personal financial data rights under section 1033 of the Dodd-Frank Act. The proposals and alternatives released Thursday are under consideration for the CFPB’s data rights rulemaking, but do not represent a proposed rule at this stage.

Section 1033 of the Dodd-Frank Act establishes standards for the sharing on consumer financial data.

“This rulemaking aims to create a marketplace where companies would need to improve their offerings to keep their customers. Nascent firms would be able to use consumer-authorized data to build and widely offer products and services that can compete with big incumbents,” the CFPB stated in its release. “Consumers could switch providers to get a better deal or escape poor customer service, and companies would have to keep and attract customers through competitive prices, high-quality services, and improved products.

CUNA also filed a petition with the CFPB calling for a rulemaking to strengthen privacy and security of consumer data held by fintechs, tech companies, and data aggregators.

CUNA supports consumers’ ability to access pertinent account information in a timely and straightforward manner; however, we do not interpret or support requiring a financial institution to provide a third-party with cost-free and direct access to a consumer’s account—regardless of whether the consumer has authorized the third-party to do so. We further urge the CFPB to ensure that all users of consumer financial data comply with consumer data protection requirements under the Gramm-Leach-Bliley Act (GLBA) to the same extent as primary providers of financial services, and that primary financial data owners are provided meaningful legal measures to prevent misuse of data by third-parties.

Comments on the draft proposals are due by Jan. 25.