Facing a world where data aggregation has become increasingly complex and dangerous, the CFPB has released a series of non-binding principles that are designed to help protect consumer data after it’s been authorized for a third-party use by that consumer.
The goal, according to the CFPB, is to make it easier to create and develop financial products and services, increase competition in financial markets, and empower consumers to take greater control of their financial lives.
“These principles express our vision for realizing an innovative market that gives consumers protection and value,” CFPB Director Richard Cordray said.
The principles were generated, according to the agency, out of comments solicited last year from various stakeholders connected to the problem. The CFPB further noted that while these guidelines are being released now, industry players are in some instances already at work building out improvements to consumer authorization for financial data aggregation.
The CFPB also confirmed that — while it is continually working on this issue, and while it intends to continue to monitor the market for future developments — financial services providers should not be concerned that the new guidelines presage a coming change to any of the bureau’s future enforcement or supervisory activities.
Instead, the principles make it clear what consumers can expect from their third-party interactions. One such new guideline is that customers should easily be able to determine the ownership of a financial product. A second, but related, principle is that firms should only seek out the data necessary to provide their services (as opposed to wide fishing expeditions) — and that once the data has served its purpose, it should be disposed of.
The principles also note that consumers should not be coerced into providing their financial data and should be able to revoke authorization to access data.
The CFPB also recommends developing a transparent and easily accessible mechanism for resolving disputes.