The Consumer Financial Protection Bureau just announced a proposed rule under section 1033 of the Consumer Financial Protection Act of 2010 to address personal financial data rights that would ensure consumers have certain protections and control over their information.
Among other things the rule would:
- Require financial institutions to share data with other entities at a customer’s direction. Consumers would have a legal right to grant third-party access to information connected to their credit card, checking, prepaid, and digital wallet accounts. It would allow consumers to more easily shift their data to other entities they’d like to do business with.
- Require financial institutions to make personal financial data available to customers, at no charge to them.
- Limit how entities use personal financial data they have access to. According to the CFPB, “third parties could not collect, use, or retain data to advance their own commercial interests through actions like targeted or behavioral advertising.”
- Give people the right to revoke access to their data, which would require that the data access end immediately, and eventual data deletion.
- Address “risky” data collection practices, such as screen scraping.
The CFPB asserts the proposal would encourage competition among financial entities and facilitate open banking. Comments are due by December 29, 2023.