Updates
EPIC Welcomes CFPB’s Proposed Rules to Rein in Reckless Data Brokers, Protect Privacy & Security
December 3, 2024
WASHINGTON, DC – The Electronic Privacy Information Center (EPIC) welcomed today’s announcement that the Consumer Financial Protection Bureau will advance new rules to rein in data brokers, protect our privacy, and strengthen public safety. The proposed rules clarify that the Fair Credit Reporting Act (FCRA)—a federal statute promoting accuracy, fairness, and privacy in the collection and retention of personal information—applies to data brokers that have operated outside of the law for years.
Data brokers have built a multibillion-dollar industry off of hoarding, mining, and selling sensitive personal data. These practices strip us of our privacy and cause a wide range of harms, imperiling national security, endangering domestic violence survivors and immigrants, facilitating discrimination, and exacerbating data breaches, identity theft, and fraud. Clarifying that data brokers are covered by the FCRA will strictly limit brokers’ collection and sale of personal data, ensure that brokers maintain the accuracy of the data they hold, and require brokers to comply with consumers’ requests to access and correct their own information—the same rules that credit reporting agencies have long been subject to.
“It’s high time we stop letting data brokers undermine our privacy, safety, and national security, and today’s proposal from the CFPB promises to do just that,” said John Davisson, Director of Litigation at EPIC. “Congress had the foresight fifty years ago to place strict limits on the sale of our personal information, but the explosion of the data broker industry has allowed unscrupulous companies and illegal practices to slip through the cracks, leaving everyone but the brokers worse off. Closing those loopholes is a bipartisan, commonsense way to turn the tide and restore our privacy and security.”
Among other measures, the CFPB’s proposed rule would clarify the types of personal data covered by the FCRA, the purposes for which that data can be collected and sold, and the extent to which nominally “deidentified” personal data is still subject to the FCRA.
“Data brokers’ unfettered collection and sale of personal information not only undermines privacy, but also puts people in harm’s way, exacerbates discrimination, and enables financial harm. It’s time to place reasonable restrictions on data brokers to mitigate the harm these companies enable. We applaud the CFPB’s effort to do just that with their proposed rules,” said EPIC Law Fellow Caroline Kraczon.
###
About EPIC
EPIC has played a leading role in developing the authority of regulators to safeguard the rights of consumers and ensure the protection of personal data. EPIC has long fought for meaningful restrictions on the data broker industry and has supported the CFPB’s efforts to make good on the protections of the FCRA. EPIC shared expertise and feedback on earlier stages of the CFPB’s data brokers rulemaking; backed the CFPB’s proposed ban on listing medical debt on credit reports; joined a coalition of organizations calling on the CFPB to clarify that “credit header data” like phone numbers and social security numbers are not exempt from the FCRA; and defended the CFPB against recent baseless attacks.
Support Our Work
EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.
Donate