At a time when more financial institutions are monetizing consumers’ financial data, state policymakers should assess gaps in their data privacy laws, the Consumer Financial Protection Bureau (CFPB) said Tuesday (Nov. 12).
The regulator found in a report released Tuesday that many states have adopted new data privacy protections that exempt financial institutions and consumer financial data that are covered by federal law, it said in a Tuesday press release.
“Absent action at the federal level, exemptions from state data privacy laws can leave consumers at heightened risk with regard to their financial data,” the CFPB said in the release. “States should consider the importance of ensuring that their citizens are protected in instances where federal law currently has gaps or may be ineffective.”
Eighteen states passed new laws between January 2018 and July 2024 that give consumers greater control over their data, according to the release.
However, all the major state data privacy laws exempt financial institutions, financial data or both if they are subject to federal laws like the Gramm-Leach-Bliley Act (GLBA) or the Fair Credit Reporting Act (FCRA), per the release.
There is “broad consensus” that federal privacy protections for financial data have limitations and may not protect consumers from new methods companies use to collect and monetize data, the release said.
“Consumers should have meaningful choice and an expectation of privacy about how their financial data is used, but large companies are increasingly harvesting and monetizing this sensitive data in mysterious ways,” CFPB Director Rohit Chopra said in the release. “Given the exemptions in state law when it comes to this personal data, consumers lack fundamental protections for their financial privacy.”
Last month, the CFPB issued the final version of its Rule 1033 on personal financial data rights, aiming to give consumers greater control over their financial data and the ability to share it securely with third-party service providers.
In September, the CFPB said it was preparing to propose a rule that would apply privacy protections to data brokers. Chopra said at the time that this proposed rule would give consumers more control over their sensitive data.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More