The House Financial Services Committee’s ranking member, Patrick McHenry, released a draft bill on June 23 that seeks to modernize financial data privacy laws and give consumers more control over how their personal information is collected and used.
“This proposal will modernize the current framework to better align with evolving technology and protect against the misuse or overuse of consumers’ personal information,” said McHenry.
The draft bill focuses on nonpublic personal information. The definition of nonpublic information is expanded to include “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer.”
While the proposed bill will give consumers more opportunities to decide who has access to their data and how this data is handled, the bill doesn’t enter in the debate of open banking and does not provide either additional powers to consumers or financial institutions to share customers’ account data.
The text also recognizes the need for consumers to control how their personal information will be used beyond financial institutions (FI), and that is why the proposed bill includes data aggregators, who will be bound by the same rules as traditional FI. That means that the bill could end up applying to FinTech companies like Plaid.
The draft bill empowers consumers to understand how their data is being collected and used by a service provider when they agree to the provider’s privacy policy. In addition, the bill ensures consumers have the right to terminate collection of their data, and/or request deletion of their data, at any time.
For instance, FIs will need to notify consumers that their nonpublic personal information is being collected, explain why they are collecting that data and use it only for the stated purpose. Additionally, FIs will need to provide consumers with an opportunity to opt out of data collection.
Also, to facilitate a consumer’s request to stop data collection from any company — whether it is a financial institution, a data aggregator or any other third party — the bill provides that if a FI is required to terminate the collection and/or sharing of a consumer’s nonpublic personal information, the FI must notify third parties that data sharing has been terminated and requires them to also terminate.
The bill also contains several provisions that would allow consumers to get more information from their financial institutions about the categories of personal information collected, entities with which the FI shares the data and entities from whom the FI had received nonpublic personal information.
Last, the draft bill mandates that relevant agencies and regulators, including Federal Banking agencies, the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC), not later than one year after the enactment of the law, must issue rules to implement these amended sections of the Gramm-Leach-Bliley Act.
The text comes on the same day that lawmakers on the House Energy and Commerce Committee marked up the American Data Privacy and Protection Act.
Read more: Data Privacy Bill Passes US House Panel
Open Banking
While this draft bill does not deal with open banking — when a consumer allows his or her FI to share financial information with a third-party provider — the Consumer Financial Protection Bureau (CFPB) may need to take this bill into account for its future plans in this space.
The CFPB has publicly said that it is working on new rules to facilitate open banking by empowering consumers to easily share their financial information. However, FIs may willingly or inadvertently send certain nonpublic personal information along with financial information, especially if the scope of nonpublic personal information is expanded. This could require FIs to inform consumers about it, and any rulemaking by the CFPB should ensure that there are no inconsistencies between these two laws.
Read more: CFPB Takes First Steps for Open Banking, Big Tech Scrutiny
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More