#consumer data

30 10, 2023

Karen Petrou: How to Prevent Open Banking From Turning Into the Wild West

2023-11-13T15:44:38-05:00October 30th, 2023|The Vault|

There are so many rules coming from so many directions at U.S. financial institutions that spotting key strategic challenges or opportunities is harder than ever.  That more and more of these rules are longer than 1,000 pages makes C-suite impact considerations still harder to highlight.  In the midst of this morass, one proposal from the CFPB on consumer-data rights may be easy to overlook, but this seemingly-petite 299-page rule is at least as consequential as the thousands of capital and CRA pages getting all the not-so-love.

Why?  Quite simply, consumer data are the currency of commerce in general and retail finance in particular.  The stratospheric ascent of data-driven companies such as Amazon are indisputable proof that competitors who control data quickly control consumers, mobilizing ever more powerful network effects that then crush all but the most nuanced niche providers.  The CFPB is right that banks no more deserve exclusive provenance over consumer data than tech-platform companies, but requiring banks to give these data away as the Bureau plans means the crown jewels of each retail franchise are now out on the shop counter for free.

Companies far better able to make astute use of these data than all but a few banks will quickly find ways to persuade consumers to give personal information to them unless the final data rights standard has considerably more consumer protection built in than the proposal.  I know it sounds odd to say that a CFPB proposal is light on consumer protections, but so it …

7 11, 2022

Karen Petrou: The Data-Rights Dilemma: The Balance Between CFPB Despotism and Democracy

2022-11-07T12:17:49-05:00November 7th, 2022|The Vault|

Last week, I despaired of CFPB edicts because I disapprove on principle of despotism no matter how well intentioned.  But, as shown in our in-depth analysis of the CFPB’s request for views on consumer data rights, democratic process can also be disastrous.  In what purports to be an “outline” of 71 pages and 149 questions often including numerous substantive sub-questions, the Bureau has gone back to its old habit of 1,000-plus page rules sure to do far, far more for lawyers than consumers seeking to better control their own financial destinies.

The outline and Director Chopra’s statements thereon lay out a powerful, persuasive argument about the benefits of data portability to an innovative, competitive, and inclusive retail financial system.  I get it, but after that, I’m at a loss.

Here are just a few questions we couldn’t answer about whether the CFPB’s new standards will do what the Bureau wants or heighten consumer exposure to still more cyber, privacy, and financial risk:

Will the third parties gaining control of our account data be covered by new security standards and, if so, will these be enforceable?  Will the data third parties gain via whatever authorization process the Bureau demands be deployed not just to answer our questions, but also to empower the already awesome network effects at the biggest quasi-financial companies wholly outside the reach of cross-selling and conflict-of-interest restrictions?  Will the products that third parties and their partners select based on our data do us good or ill?  For …

17 08, 2022

FedFin on: Data-Safeguard Legal/Reputational Risk

2023-01-04T11:55:58-05:00August 17th, 2022|The Vault|

Using another of its tools to set policy without prior public comment, the CFPB has released a circular stating that inadequate consumer-data safeguards may constitute a breach of the unfair, deceptive, or abusive acts or practices (UDAAP) protection standards subject to Bureau enforcement action.   This is the case even if no consumers have been harmed, if only one consumer is adversely affected, …

The full report is available to retainer clients. To find out how you can sign up for the service, click here and here.…

13 06, 2022

Karen Petrou: Why Chopra is Right about Consumer-Data Prohibitions

2023-01-27T15:31:54-05:00June 13th, 2022|The Vault|

As we noted in our assessment last week, CFPB Director Chopra has taken another bold step rewriting consumer finance with a strong stand in favor of stiff new consumer-data protections.  These would abandon the notice-and-consent approach which, as Mr. Chopra rightly says, leaves most of us with little privacy and less protection.  Instead, certain uses to which firms put our data would simply be prohibited. If the CFPB can get this right, then it will strike a blow not only for personal privacy, but also for sound finance with far fewer high-risk conflicts of interest.

The notice-and-consent approach to privacy protection is the epitome of information asymmetry and thus of ineffective consumer protection.  We all know what it is by virtue of the regular process by which our smart phones apprise us of updates often designed more to capture our data than to improve reliability or functionality.  Under pressure, phone providers have recently added a bit more information on what each update does if one can find and then understand it, but failure to agree to an update endangers continued cell-phone service.  This is the equivalent of solitary confinement and so each of us dutifully agrees to each update no matter how much of our privacy we give away.

Financial-privacy disclosures are still largely an analog game by virtue of the privacy notices required under the 1999 Gramm-Leach-Bliley Act. Back then, finance was bereft of digital paraphernalia and banks dominated it.  Thus, these privacy notices were and are essentially …

Go to Top