Data Brokers Won't Be Banned from Selling Your Personal Data Without Good Reason

A new proposal by the Consumer Financial Protection Bureau (CFPB) aims to regulate data brokers, the companies that collect and resell personal information for profit. The proposed change would subject data brokers to the same rules as credit checking agencies, limiting the sharing of sensitive data like names, social security numbers, and other identifiable information.

Currently, data brokers operate with relative impunity, buying and selling personal data without any significant oversight or regulation. This lack of accountability has led to several high-profile data breaches in recent years, including a major hack that exposed the personal data of every person in the US, UK, and Canada.

A New Era for Data Brokers?

The CFPB proposal would place significant restrictions on data brokers, requiring them to follow the same rules as credit checking agencies. This includes stricter accuracy requirements and a requirement to provide consumers with access to their own information.

Under the proposed rule, any sensitive personal data sold by a broker would be considered as selling a consumer credit report, subjecting it to the same restrictions as major credit bureaus. This means that data brokers could only sell such information for legitimate purposes like establishing eligibility for credit, insurance, or employment.

A Key Restriction: Legitimate Purpose

A key restriction of the proposed rule is that data brokers could only sell "credit header" data – information used to establish a consumer's creditworthiness – if they have a permissible purpose under the FCRA. This means that data brokers would be required to demonstrate a legitimate reason for selling personal data, rather than simply reselling it without any oversight.

The CFPB says there is widespread support for its proposal, with many experts and consumer advocates expressing relief that the agency is taking steps to regulate the often-unchecked industry of data brokers.

Reducing the Risk of Identity Theft

One of the key concerns driving the CFPB's proposal is the risk of personal data being bought by shell companies owned by criminals, who then use it for identity theft and other scams. By subjecting data brokers to stricter regulations, the CFPB hopes to reduce the number of cases where this happens.

While the new rule wouldn't prevent data breaches like the one in the summer, it would likely lead to greatly reduced sales of personal data, with some brokers possibly forced out of business. This could help to create a safer and more secure online environment for consumers.

A Change in Direction

However, in an update to this story, it appears that the CFPB's proposal has been killed due to the Trump administration's efforts to neuter the agency. The Hill reports that the proposed change will not be moving forward, leaving data brokers and consumers alike feeling frustrated and disappointed.

"It's a shame," said Rohit Chopra, the CFPB Director, in a press call discussing the proposal. "We were confident that this rule would make it clear that many of these data brokers are subject to federal protections under the FCRA."