CFPB Extends Comments on Proposed Rule to Apply FCRA to Data Brokers

The CFPB is expected to use these detailed comments to further modify the rule. ACA is drafting comments as well as coordinating resources for members to share their important input.

The Consumer Financial Protection Bureau has extended the public comment period for its proposed rule on data broker activities under the Fair Credit Reporting Act from March 3, 2025, to April 2, 2025, “to allow interested persons more time to consider and submit their comments,” according to a Federal Register notice.

The extension, under the leadership of Acting Director Russell Vought, comes as most other activity at the bureau is on hold, including supervision and enforcement, and the headquarters is closed, ACA International previously reported. Probationary staff, including some enforcement attorneys, were let go and the CFPB has cancelled several lawsuits.

ACA International has considered the manner in which the new administration has approached the CFPB Data Broker Rule and the extension of the comment period through April 2, 2025.

Despite the rhetoric from the CFPB about  all rules not yet in effect being pulled back, insights from ACA’s advocacy work and connections in Washington indicate that the administration will use the detailed comments to further modify the rule.

Data Broker Proposal: How Did We Get Here?

The data broker rulemaking inquiry started in June 2023 with bureau requests for public and market input on the activities of data brokers, ACA previously reported.

Generally, under the proposed rule, data brokers’ actions to provide consumer information to a user who uses it for a permissible purpose would make that information a “consumer report,” and data brokers would be defined as a “consumer reporting agency”

“The rulemaking would also limit the sale and transfer of credit header data, which contains consumer identifiers, including names, dates of birth and addresses,” according to a client alert from Brownstein Hyatt Farber Schreck. “Accordingly, it impacts compliance requirements and liability for a wide variety of stakeholders using public data, including financial institutions, housing providers, collectors, fintechs, credit reporting agencies, insurance companies, employers and many others.”

Former CFPB Director Rohit Chopra prioritized data regulations during his term.

The CFPB rushed to implement this change without supporting research about the proposal’s impact and its actions are outside the scope of its congressionally delegated authority, and instead are a rewrite of the FCRA, ACA previously reported.

Jonathan McKernan, the nominee for CFPB director, discussed the proposed rule in his nomination hearing before the Senate Committee on Banking, Housing and Urban Affairs last week in response to questions from U.S. Sen. Mark Warner, D-Va.

Warner said some of his colleagues think “everything the prior leadership at the CFPB did somehow was bad,” and asked McKernan if he agreed, particularly about the proposed data broker rule.

“One thing I do commend Director Chopra on was his work to increase our attention on some of the very significant policy issues posed by data collection, whether its data aggregators or data brokers,” McKernan said. “There [are] privacy issues here, there [are] potentially national security issues here and I think it’s important that we, both in the regulated space and the rest of our elected officials, continue focus on this is as we collect more and more data and the analytics get more and more powerful.”

Based on insights from the CFPB’s actions this year and the comment deadline extension, it seems likely the bureau will keep the elements of the rule to limit foreign adversaries’ access to consumer data. ACA is working diligently to demonstrate the significant harms to the existing credit ecosystem in the rule and is hopeful the bureau will rework the components of the proposed rule that would classify purchasing a consumer address as a credit report and illegally rewrite the FCRA.

How to Submit Comments

To support this approach with the goal of changing the existing proposed rule, ACA is working on a robust comment letter and we will be sharing components of the feedback with members to personalize and submit their comments to the CFPB before April 2.

This will ensure the CFPB receives expansive insights on the harms the existing proposed rule would cause and provide a basis for ACA to address the issue through state advocacy efforts. States are also expected to address similar issues as a result of a perceived void in the CFPB’s actions and seek to enact similar regulations and laws given the change in leadership at the federal level

For those who would like to submit comments to the CFPB, due April 2, 2025, they may be filed on the Federal eRulemaking Portal: https://www.regulations.gov. ACA will provide insights to members on meaningful content shortly.

• For comments filed on the portal, follow the instructions for submitting comments. A brief summary of this document and comments to date is available at https://www.regulations.gov/docket/CFPB-2024-0044.
• Comments may also be filed by email to 2024-NPRM-CONSUMER-REPORTING@cfpb.gov. Include Docket No. CFPB2024-0044 or RIN 3170-AB27 in the subject line of the message.
• Mail/Hand Delivery/Courier comments are also available to:
  Comment Intake—Protecting Americans from Harmful Data Broker Practices (Regulation V) c/o Legal Division Docket Manager, Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552.