CFPB outlines customer data-sharing principles

The CFPB issued principles for protecting consumers when they authorize third party companies to access their financial data to provide certain financial products and services.

The CFPB said the principles are intended to help foster the development of innovative financial products and services, increase competition in financial markets, and empower consumers to take greater control of their financial lives. The principles affirm, to all stakeholders, that consumer-authorized financial data needs to be protected.

The principles relate to data access, data scope and usability, control of the data and informed consent, payment authorizations, data security, transparency on data access rights, data accuracy, accountability for access and use, and disputes and resolutions for unauthorized access.

In developing the principles, the bureau said it sought to balance customer access to products with protections around data privacy and security. It also acknowledged efforts made by industry players to improve customer-authorized data access.

“The bureau released its consumer protection principles for the consumer-authorized data-sharing market,” Cordray said. “These principles express our vision for realizing an innovative market that gives consumers protection and value.”

The bureau has been studying consumer-authorized data access and issued a Request for Information in 2016 to gather feedback from a wide range of stakeholders. It received feedback from large and small banks, their trade associations and others.