Financial Services News

House Financial Services Taskforce Considers Risks From Developments In Consumer Data Sharing – Consumer Protection



United States:

House Financial Services Taskforce Considers Risks From Developments In Consumer Data Sharing


To print this article, all you need is to be registered or login on Mondaq.com.

The U.S. House Committee on Financial Services Task Force on
Financial Technology considered testimony on developments in
data sharing and FinTech which raise consumer protection and
regulatory questions.

In a Memorandum to the members of the
Committee, majority staff explained that the increased use of
consumer data to create new products and services has resulted in a
significant rise in the amount of personal and financial data that
is obtained, maintained, and furnished to third parties, raising
consumer protection and regulatory questions. The staff pointed to
the development of credential sharing, screen scraping and
application program interface (“API”) methods as examples
of data sharing means that “lack adequate consumer protections
and privacy protections, and face cybersecurity weaknesses.”
However, the staff noted that the development of these new products
and services can provide consumers with improved means of
overseeing their finances, setting savings goals and managing other
financial responsibilities.

Witnesses included:

  • Tom Carpenter, Director of Public Affairs at
    Financial Data Exchange, a nonprofit FinTech organization, who
    emphasized the progress made in the FinTech space with respect to
    technical standards that have enabled under-permissioned financial
    data sharing (i.e., screen scraping). Mr. Carpenter highlighted the
    benefits of such progress, and credited the use of negotiated and
    standardized APIs. The benefits of such APIs, he said, include (i)
    providing consumers with more transparency into their financial
    standings, (ii) expanding consumer access to credit and reducing
    the cost of credit, and (iii) enhancing consumer financial
    literacy. However, Mr. Carpenter stated that user-permissioned data
    sharing lacks standardization in a number of respects, including
    (i) the authentication, authorization and certification of data,
    (ii) how consumers access the data, and (iii) the scope of the data
    and how it is processed. Mr. Carpenter asserted that efforts to
    establish technical standards should be spearheaded by the FinTech
    industry because such standards would “adapt to the needs of
    the market.”

  • Raúl Carrillo, Associate Research
    Scholar at Yale Law School and Deputy Director of the Law and
    Political Economy Project, who underscored the conflict of interest
    between the FinTech industry, which relies on data
    “maximization,” and consumers, who would benefit from
    financial data collection through a data “minimization”
    paradigm. Mr. Carrillo urged the CFPB to issue (i) a
    Dodd-Frank Section 1033 (“Consumer rights to
    access information”) rulemaking to support consumer control
    and consumer data minimization and (ii) a rulemaking to establish
    the CFPB’s authority to oversee data aggregators. In addition,
    Mr. Carrillo suggested that Congress adopt legislation to (i)
    establish “structural partitions” between large tech
    companies and financial institutions and (ii) prohibit data
    collection and usage barring certain exceptions.

  • Kelly Thompson Cochran, Deputy Director of
    FinRegLab, an independent research organization, who asserted that
    while FinTech industry-led efforts are important for addressing
    technical and process issues with respect to consumer data use,
    regulatory action to establish basic criteria for such data can
    make industry-led efforts significantly more effective. Ms. Cochran
    stated that regulatory initiatives to improve consumer data
    protections and aid in the industry’s standardization efforts
    include (i) FTC’s evaluation of a proposal to update the
    information safeguard obligations of non-bank financial services
    entities pursuant to the Gramm-Leach-Bliley Act, (ii) the
    CFPB’s advance notice of proposed rulemaking on
    the development of regulations to implement Dodd-Frank Section
    1033, and (iii) the Federal Reserve Board, the FDIC and the
    OCC’s proposed risk management interagency
    guidance concerning third-party relationships of banking
    organizations. In general, Ms. Cochran observed that an enhanced,
    broader regulatory framework for consumer data use involves (i)
    establishing “meaningful consent” for data access, (ii)
    facilitating access to data for the development of products and
    services to the benefit of consumers, and (iii) more comprehensive
    and efficient regulation of data intermediaries.

  • Chi Chi Wu, a Staff Attorney at the National
    Consumer Law Center, who expressed support for the CFPB’s
    issuance of a Dodd-Frank Section 1033 rulemaking. Ms. Wu noted that
    access to financial data can be both beneficial and harmful to
    consumers, stating that effective consumer protection regulation
    ensures (i) consumer choice and control over their data, (ii)
    enhanced competition to promote a shift in the evaluation of
    consumer creditworthiness, (iii) the application of existing
    consumer protection provisions under the Fair Credit Reporting Act,
    the Equal Credit Opportunity Act and the Electronic Funds Transfer
    Act, and (iv) improved data security protections.

  • Steve Smith, Co-Founder and CEO of Finicity, a
    service that allows financial account holders to link their
    accounts to a variety of financial applications and services, who
    highlighted the importance of data aggregation as a means for
    “empower[ing] consumers and small and midsize business with
    access, control, and the consented use of their data.” Mr.
    Smith stressed that consumer data rights are rooted in
    consumers’ ability to obtain and use their data to their
    benefit. He noted that the CFPB’s progress on a rulemaking
    under Dodd-Frank Section 1033 is a step in the direction toward a
    straightforward regulatory framework for protecting and advancing
    open banking in the United States.

Commentary Daniel Meade

There was a good bit of bipartisan consensus at the Task
Force’s hearing on the need to move away from screen scraping,
as well as the need for the CFPB to move as quickly as possible to
implement a rule under Dodd-Frank Section 1033. However, it
seems unlikely that the CFPB will issue a proposed Section 1033
rule until a Senate-confirmed Director of the CFPB is in place.
Rohit Chopra’s nomination remains pending.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Consumer Protection from United States



Source link