CFPB seeks feedback on data privacy before potential Trump overhaul

Finance, Money, Security and Saving Concept. Close up of wooden master key lock icon on top of stack of gold coins on white background and copy space.
Editorial credit: Montri Thipsorn / Shutterstock.com

The Consumer Financial Protection Bureau (CFPB) has invited public input on financial surveillance concerns involving big tech and mechanisms like stablecoins.

In detail, the CFPB is seeking public feedback on how to enforce existing financial privacy laws and address concerns about intrusive data collection and personalised pricing, particularly those offered by large technology firms.

The CFPB is also seeking input on a proposed rule to clarify how the Electronic Fund Transfer Act (EFTA), which safeguards consumers from fraud and errors, applies to new digital payment methods. This includes those used by tech companies, video gaming platforms, stablecoins, and other digital currencies not yet widely used by consumers.

Rohit Chopra, Director of CFPB, commented: “When people pay for their family expenses using new forms of digital payments, they must be confident that their transactions are not tainted by harmful surveillance or errors. 

“The CFPB is seeking public input on how to apply longstanding consumer and privacy protections to new and emerging payment mechanisms.”

Last week, X CEO Linda Yaccarino confirmed plans to launch a new payment system, X Money, later this year. This is part of X owner Elon Musk‘s broader vision to create a “super app”, a concept common in regions like China but not yet widespread in the US. 

This product could involve extensive data collection, however, presenting an example of why regulators like the CFPB are interested in investigating this area.

The CFPB has expressed concerns about how companies that offer or provide consumer financial products or services collect, use, share, and protect consumers’ personal financial data, including data harvested from consumer payments.

Additionally, as new payment methods like stablecoins gain traction for cross-border transactions, the financial watchdog has highlighted how transaction data can be linked to personal information such as location, social media activity and browsing history.

These concerns stem from several research papers, where the CFPB found that these payment systems collect and use data beyond what is necessary to process a transaction.

Current regulation

The US federal financial data privacy framework mainly relies on the Gramm-Leach-Bliley Act (GLBA) and its regulations, along with the Fair Credit Reporting Act (FCRA). 

Additionally, the CFPB also addresses unfair practices related to consumer data handling. However, experts suggest that the GLBA’s focus on disclosures and opt-outs may not fully tackle the challenges of modern data surveillance.

A recent Government Accountability Office (GAO) study highlighted that “the consumer opt-out rate is generally low” and that many consumers “may be largely unaware of how fintech apps use their personal information and the privacy risks involved.” 

The GAO also pointed out that the model privacy form commonly used in the financial industry “may be out of date and may not accurately reflect the increased and varied ways financial institutions share information, compared to when the form was introduced over 10 years ago.”

The CFPB is requesting comments on or before 11 April 2025, focusing on the types of data the public believes should be monitored routinely, as well as the strengths and weaknesses of the current frameworks.

Additionally, the CFPB has proposed an interpretive rule on how the EFTA applies to new and emerging digital payment mechanisms. The rule provides a framework for determining when EFTA protections apply, ensuring consumers can consistently invoke their rights while assisting market participants in developing these mechanisms.

Comments on the proposed rule must be received by 31 March 2025.

A last-ditch effort by the CFPB?

The US payments industry is currently facing significant uncertainty with President Donald Trump’s return to office on 20 January. 

Ahead of his election, much speculation surrounded how Trump would influence the payments space, particularly with his support for crypto being widely discussed. However, one area the CFPB is likely to monitor closely is Trump’s plans to overhaul the agency.

Under President Joe Biden, the CFPB has been actively updating regulations and taking a stricter approach to the industry – an approach that contrasts with Trump’s belief that excessive regulations stunt economic growth, though it does appear the CFPB will gain more of a remit over crypto under his second presidency.

Separate from cryptocurrency, Trump’s growing relationship with Musk raises questions about the future of regulations that might challenge Musk’s ventures, such as the previously noted X Money. Any regulations posing a threat to these interests could likely be re-evaluated or removed. 

A key turning point will be the departure of current CFPB Director Chopra, who serves at the pleasure of the president. Chopra may be required to resign or be sacked, though it is important to note the CFPB has not faced the same level of scrutiny from the President-elect as its counterparts at the Securities and Exchange Commission (SEC).

Nevertheless, the potential change in leadership under Trump will provide crucial insight into his regulatory approach and plans for the country’s payments industry.