Rory Van Loo of BU has written Technology Regulation by Default: Platforms, Privacy, and the CFPB. Here's the abstract:
In the absence of a technology-focused regulator, diverse administrative agencies have been forced to develop regulatory models for governing their sphere of the data economy. These largely uncoordinated efforts offer a laboratory of regulatory experimentation on governance architecture. This symposium essay explores what the Consumer Financial Protection Bureau (CFPB) has done in its first several years to regulate financial technology (“fintech”), in the context of broader technology-related concerns identified in the literature. It begins with a survey of what the CFPB has undertaken using more traditional administrative agency tools—enforcement and rulemaking—in areas such as privacy, consumer control over data, and regulatory sandboxes. It then looks at how the CFPB has used technology to protect consumers, through Twitter and online advisory tools. The essay closes by considering open questions, including the possibility of the CFPB’s privacy activities extending its oversight of tech giants like Facebook and Amazon, and the extent to which the CFPB might exercise additional authority to inspect financial algorithms. More systematic study of the agency’s activities is needed, but the CFPB’s early experiences both provide examples that other agencies might follow and indicate the difficulty of relying on industry-specific regulators to govern the data economy, rather than an agency focused on technology.
