The top US Consumer Watchdog has a plan to fight Predatory Data Brokers

The CFPB’s idea of ​​using existing US law to regulate data brokers is not new. In February 2023, a group of consumer-focused nonprofits urged Chopra to use the powers the FCRA gives regulators to prevent data brokers from engaging in these potentially harmful practices.

“Protecting the personal information of all people in the US is more urgent in our current political climate,” said Laura Rivera, an attorney at Just Futures Law, a nonprofit that supports grassroots activists. “The stakes are too high to continue to allow the data broker industry to sell our data at will, when the status quo has made it ripe for abuse and targeting by malicious actors.”

In a briefing with WIRED on Monday, CFPB officials declined to comment on whether they believe the regulatory action will be short-lived, as President-elect Donald Trump plans to empower a number of Silicon Valley figures to reorganize the federal government for targeting purposes. “waste and fraud.”

Elon Musk, who heads the office named after the meme’s coin—the Department of Government Operations, or DOGE—directly attacked the CFPB’s work last week, calling for the agency to be “removed.” Musk’s comments follow an attack on the agency’s work by venture capitalist Marc Andreessen, who said on a recent episode of Joe Rogan’s podcast that the agency is “terrifying” banking startups.

The CFBP was established in 2011 to protect consumers from the types of fraud and abuse that began in the 2008 financial crisis.

A CFPB official tells WIRED that the agency is also concerned about data being shared in ways that companies say protect people’s identities but can actually be “disclosed” in simple ways, as research has repeatedly shown. “As technology improves, we think it will be much easier to remove the so-called de-identified information,” said one official. The proposed legislation therefore includes a range of guidelines for credit reporting agencies involved in the sale of suspected de-identified data.

Asked whether the proposal would extend to US government agencies, the official said US law sets “very clear rules” for the government to purchase personally identifiable information for law enforcement and intelligence purposes. In a recent case, US Immigration and Customs Enforcement was found by reporters to have bought access to the personal data of Americans in an effort to investigate immigration – data obtained by the news agency Thomson Reuters, which provided buyers in contracts the company disclosed. they cost more than 100 million dollars. (Thomson Reuters has previously denied that the purpose of the data is to track undocumented immigrants and has insisted that its database does not contain information that typically requires a search warrant to access.)

“We’re not interfering with any of those methods,” a CFPB official said. The agency requests comment, however, on the potential implications of such government purchases to ensure that access is “reasonable.”

Emily Peterson-Cassin, director of corporate affairs at the nonprofit advocacy group Demand Progress’s Education Fund, praised the CFPB’s proposal and urged the incoming Trump administration to consider it.

“The CFPB is doing something important that will affect every American. Anyone you pick up on the street can tell you about the daily scam texts, emails and phone calls they receive from scammers who easily buy our contact information from unscrupulous, unaccountable data brokers,” said Peterson-Cassin. “Finally, someone—specifically the CFPB—has stepped up to stop this daily epidemic that affects hundreds of millions of people by applying real standards to their sale of our sensitive information.”