The Consumer Financial Protection Bureau (CFPB) has come out with a list of principles for protecting consumers when they authorize third-party companies to access their financial data.
Many companies, including “fintech” firms, banks, and other financial institutions, get authorization from consumers to access their account data to provide a variety of products and services. While this data sharing is often necessary and important, there are consumer protection challenges.
“Today, the Bureau released its consumer protection principles for the consumer-authorized data-sharing market,” CFPB Director Richard Cordray said. “These principles express our vision for realizing an innovative market that gives consumers protection and value.”
The principles are intended to help foster the development of innovative financial products and services, increase competition in financial markets, and empower consumers to take greater control of their financial lives.
The principles relate to data access, data scope and usability, control of the data and informed consent, payment authorizations, data security, transparency on data access rights, data accuracy, accountability for access and use, and disputes and resolutions for unauthorized access.
The bureau will continue to assess how these principles may best be realized. The principles do not establish binding requirements or obligations relevant to the bureau’s exercise of its rulemaking, supervisory, or enforcement authority. In addition, they are not intended to alter, interpret, or otherwise provide guidance on existing statutes and regulations that apply in this market. Lastly, the principles are not intended as a statement of the bureau’s future enforcement or supervisory priorities.