The Consumer Financial Protection Bureau (CFPB) is facing a lawsuit over its newly finalized data privacy rule, implementing Section 1033 of the Dodd-Frank Act. The suit claims the rule, which is meant to give consumers more control over their personal financial data, would open the door to increased risk of fraud due to a lack of requirements for third-party oversight.
The Bank Policy Institute and Kentucky Bankers Association filed a complaint against the bureau in the U.S. District Court for the Eastern District of Kentucky, asserting the CFPB overstepped its statutory authority and finalized a rule that jeopardizes consumers’ privacy, financial data and account security.
“BPI supports a competitive marketplace where consumers control how their personal financial data is used and with whom it is shared, so long as their data remains protected,” BPI President and CEO Greg Baer said in a statement. “Unfortunately, the CFPB delivered a rule that treats sensitive financial data with as little care as a consumer’s web browsing history.”
Specifically, the lawsuit claims the new rule requires no oversight of third parties using bank customer data, increases the likelihood of fraud and scams by failing to address weak safeguarding practices, would permit screen-scraping and other unsafe practices to continue, fails to hold third parties accountable, allows third parties to profit, at no cost, from systems built and maintained by banks, and imposes an unreasonable implementation timeline.
Check back with Dodd Frank Update for more details about this matter.