Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label CFPB Regulations. Show all posts

National Security at Risk: The CFPB’s Battle Against Data Brokers

The CFPB’s Battle Against Data Brokers

Data brokers work in secrecy, collecting personal details about our lives. These entities collect, and misuse our personal information without our explicit consent. 

The Rise of Data Brokers

The Consumer Financial Protection Bureau (CFPB) has taken notice, and their proposed regulations seek to hold data brokers accountable by subjecting them to the Fair Credit Reporting Act (FCRA). This move transcends mere privacy concerns—it is a matter of national security.

For instance, data brokers can facilitate targeting individuals by allowing entities to purchase lists that match multiple categories, such as “Intelligence and Counterterrorism” combined with descriptors like “substance abuse,” “heavy drinker,” or even “behind on bills.” 

In other contexts, entities can buy records for pennies per person, leveraging relatively small investments into mass data collection. The concern is that adversaries, including countries like China, can use this data to identify targets for surveillance and other purposes. The government is increasingly worried about foreign governments’ access to Americans’ data.

The CFPB’s Call to Action

The Consumer Financial Protection Bureau intends to propose new regulations that will compel data brokers to follow the Fair Credit Reporting Act. Earlier this month, CFPB Director Rohit Chopra stated that the agency is looking into rules to "ensure greater accountability" for companies that buy and sell consumer data, in line with an executive order signed by President Joe Biden in late February.

Chopra added that the agency is examining suggestions that would classify data brokers who sell specific categories of data as "consumer reporting agencies," requiring them to comply with the Fair Credit Reporting Act (FCRA). The statute prohibits the sharing of certain types of data with companies unless they have a legally defined purpose.

The CFBP considers the purchase and sale of consumer data to be a national security issue rather than a privacy concern. Chopra cited three large data breaches—the 2015 Anthem leak, the 2017 Equifax hack, and the 2018 Marriott breach—as instances of foreign enemies illegally collecting Americans' personal information.  

The National Security Angle

He said, "When Americans' health information, financial information, and even their travel whereabouts can be assembled into detailed dossiers, it's no surprise that this raises risks when it comes to safety and security,". However, the attention on high-profile intrusions hides a more widespread, entirely legal phenomenon: data brokers' capacity to sell precise personal information to anyone willing to pay for it. 

The government is increasingly concerned about foreign governments gaining access to Americans' data. In March, the House passed legislation that would bar data brokers from selling Americans' personally identifiable information to "any entity controlled by a foreign adversary." 

Why Data Brokers Matter

According to the Protecting Americans' Data from Foreign Adversaries Act, data brokers would be facing fines from the Federal Trade Commission if they sold sensitive information — such as location or health data — to any person or business situated in a few countries. The Senate has yet to vote on the legislation.

US government agencies also depend on data brokers to keep surveillance on Americans. In 2022, the American Civil Liberties Union released a series of files exposing how the DHS (Department of Homeland Security) exploited location data to track the movement of millions of cell phones — and the users who own them — across the United States.