Financial data privacy bill tightens rules


HPatrick McHenry, a member of the financial services ranking, published a bill on June 23 which aims modernize financial data privacy laws and give consumers more control over how their personal information is collected and used.

“This proposal will modernize the current framework to better align with evolving technology and protect against misuse or overuse of consumers’ personal information,” McHenry said.

The bill focuses on non-public personal information. The definition of non-public information is expanded to include “information that identifies, relates to, describes, is reasonably likely to be associated with, or could reasonably be linked, directly or indirectly, to a particular consumer”.

While the proposed bill will give consumers more options to decide who has access to their data and how that data is processed, the bill does not enter into the open banking debate and does not give consumers nor financial institutions additional powers to share customer account data.

The text also recognizes the need for consumers to control how their personal information will be used beyond financial institutions (FIs), and that is why the bill includes data aggregators, which will be bound by the same rules than traditional FIs. That means the bill could end up applying to FinTech companies like Plaid.

The bill allows consumers to understand how their data is collected and used by a service provider when they agree to the provider’s privacy policy. In addition, the bill guarantees consumers the right to stop the collection of their data and/or request the deletion of their data at any time.

For example, FIs will need to inform consumers that their non-public personal information is being collected, explain why they are collecting this data, and use it only for the stated purposes. Additionally, FIs will need to provide consumers with the ability to opt out of data collection.

Additionally, to facilitate a consumer’s request to stop data collection from a business — whether a financial institution, data aggregator, or any other third party — the of law provides that if an FI is required to terminate the collection and/or sharing of a consumer’s non-public personal information, the FI must notify third parties that the data sharing has been terminated and request that they terminate also.

The bill also contains several provisions that would allow consumers to obtain more information from their financial institutions about the categories of personal information collected, the entities with which the FI shares data, and the entities with which the FI has received non-public personal information.

Finally, the bill states that relevant agencies and regulators, including federal banking agencies, the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC), no later than one year after the law is enacted, must issue rules to implement these amended sections of the Gramm-Leach-Bliley Act.

The text comes the same day lawmakers from the House Energy and Commerce Committee annotated US data protection and privacy law.

Read more: Data privacy bill passes US House panel

Open bank

While this bill does not address open banking – when a consumer authorizes their FI to share financial information with a third-party provider – the Consumer Financial Protection Bureau (CFPB) may need to consider this draft bill. law for its future projects in this space.

The CFPB has publicly stated that it is working on new rules to facilitate open banking by allowing consumers to easily share their financial information. However, FIs may intentionally or inadvertently send certain non-public personal information together with financial information, particularly if the scope of the non-public personal information is broadened. This could require FIs to inform consumers of this, and any regulation by the CFPB should ensure that there is no inconsistency between these two laws.

Read more: CFPB Takes First Steps in Open Banking and Big Tech Review



About: PYMNTS’ survey of 2,094 consumers for The Tailored Shopping Experience report, a collaboration with Elastic Path, shows where merchants are succeeding and where they need to up their game to deliver a personalized shopping experience.


Comments are closed.