Updates

CFPB Finalizes Strong Personal Financial Data Rights Rule with Data Minimization Requirements 

October 24, 2024

The Consumer Financial Protection Bureau has finalized new regulations to implement Section 1033 of the Dodd-Frank Act. The rule promotes financial inclusion and lays down some of the strongest consumer privacy protections in federal law. 

The new rule gives consumers more control over their own financial information, empowering individuals to access their financial information and share it with other financial institutions and third-party financial services providers. Moving toward open banking enables consumers to shop around for better rates and services. 

But the rule also includes robust data protection requirements for third parties authorized by a consumer to access their financial information, including data minimization obligations, limits on secondary uses of personal data, and data security standards. The rules only allow third parties to collect and process personal financial information when doing so is reasonably necessary to provide a service requested by the individual, and it prohibits the secondary use of personal data for targeted advertising and data sales. 

In January, EPIC filed comments on the CFPB’s proposed Section 1033 rules, urging the CFPB to adopt strong rules that protect privacy and empower consumers. EPIC applauds the CFPB for furthering these goals by finalizing the Personal Financial Data Rights rule. 

EPIC regularly engages with the CFPB on consumer protection issues. For example, EPIC filed comments in support of the CFPB’s proposals to prohibit the inclusion of medical debt on credit reports and comments on the CFPB’s proposed revisions to Fair Credit Reporting Act rules, which would clarify that data brokers must comply with FCRA. 

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.

Donate