The Consumer Financial Protection Bureau (CFPB) has cancelled plans to introduce new rules designed to limit the ability of US data brokers to sell sensitive information about Americans, including financial data, credit history, and Social Security numbers.
CFPB proposed the new rule in early December under former director Rohit Chopra, who said the changes were necessary to combat commercial surveillance practices that “threaten our personal safety and undermine America’s national security.”
The agency quietly withdrew the proposal on Tuesday morning, issuing a notice published in the Federal Register declaring the rule no longer “necessary or appropriate.”
CFBP received more than 600 comments from the public this year concerning the proposal, titled “Protecting Americans from Harmful Data Broker Practices.” The rule was crafted to ensure that data brokers obtain Americans’ consent before selling or sharing sensitive personal information, including financial data such as income; regulations that US credit agencies are currently required to abide by under the Fair Credit Reporting Act, one of the nation’s oldest privacy laws.
In its notice, CFBP’s acting director, Russel Vought, wrote that he was withdrawing the proposal “in light of updates to Bureau policies,” and that it did not align with the agency’s “current interpretation of the FCRA,” which he added CFBP is “in the process of revising.”
CFBP did not immediately respond to a request for comment.
Data brokers operate within a multi-billion-dollar industry built on the collection and sale of detailed personal information—often without individuals’ knowledge or consent. These companies create extensive profiles on nearly every American, including highly sensitive data such as precise location history, political affiliations, and religious beliefs. This information is frequently resold for purposes ranging from marketing to law enforcement surveillance.
Many people are unaware that data brokers even exist, let alone that their personal information is being traded. In January, the Texas Attorney General’s Office, led by Attorney General Ken Paxton, accused Arity—a data broker owned by Allstate—of unlawfully collecting, using, and selling driving data from over 45 million Americans to insurance companies without their consent.
The harms from data brokers can be severe–even violent. The Safety Net Project, part of the National Network to End Domestic Violence, warns that people-search websites, which compile information from data brokers, can serve as tools for abusers to track down information about their victims.
Last year, Gravy Analytics—which processes billions of location signals daily—suffered a data breach that may have exposed the movements of millions of individuals, including politicians and military personnel.
“Russell Vought is undoing years of painstaking, bipartisan work in order to prop up data brokers’ predatory, and profitable, surveillance of Americans,” says Sean Vitka, executive director of Demand Progress, a nonprofit that supported the rule. Added Vitka: “By withdrawing the CFPB’s data broker rulemaking, the Trump administration is ensuring that Americans will continue to be bombarded by scam texts, calls and emails, and that military members and their families can be targeted by spies and blackmailers.”
