EPIC's Call to Arms: Protecting Consumer Data

Urging CFPB to Take Firm Regulatory Measures Against Data Brokers

The Electronic Privacy Information Center (EPIC) has urged the Consumer Financial Protection Bureau (CFPB) to intensify regulatory actions against data brokers due to concerns about the invasive nature of data collection and the potential harms to consumers. EPIC emphasizes that everyday activities lead to extensive data profiles, which most consumers cannot evade.

EPIC recommends leveraging the Fair Credit Reporting Act (FCRA) more effectively to monitor and restrict data broker activities. EPIC's suggestions include confirming FCRA's broad scope, limiting consumer report sales, ensuring data minimization, and applying additional safeguards under the Consumer Financial Protection Act (CFPA) like prohibiting secret scoring and certain data disclosures.

SOAP Notes on Data Brokering and Privacy Issues

Subjective:
- EPIC's concern over widespread data trafficking, its effect on consumers, and the inadequacy of current protective measures.
- Daily activities produce data that brokers compile into comprehensive profiles.
- Average individuals cannot avoid data collection, given the pervasive data-extractive technologies and online services.
- EPIC Director of Litigation, John Davisson, labels data brokers as the central mechanism of the surveillance economy.

Objective:
- EPIC has approached the CFPB with extensive comments in response to the bureau's inquiry into the data broker industry.
- The Fair Credit Reporting Act (FCRA) was established in 1970 to regulate the collection, sharing, and disposal of personal data by consumer reporting companies.
- EPIC's recommendations to CFPB focus on ensuring consumers' rights, data minimization, security of consumers’ personal information, and restrictions on the use of certain types of data.

Assessment:
- Data brokers operate on a large scale with limited oversight, transparency, and accountability.
- Existing regulations under the FCRA can be better leveraged to monitor and restrict data brokers.
- EPIC emphasizes the importance of the CFPB's role in ensuring consumer data protection, especially given the increasing influence and reach of data brokers.

Plan:
1. EPIC urges the CFPB to:
   - Utilize unused regulatory and enforcement powers under FCRA.
   - Confirm the wide reach of FCRA.
   - Establish that FCRA should primarily be applicable to data brokers and related entities.
   - Limit the purposes for which consumer reports can be sold.
   - Emphasize liabilities for both unintentional and unauthorized disclosures of personal information.
   - Incorporate data minimization principles into regulations.
   - Restrict certain uses of credit reports.
2. Beyond FCRA, EPIC advises the CFPB to use the Consumer Financial Protection Act (CFPA) to:
   - Prohibit secret scoring.
   - Limit disclosure and buying of certain types of data.
   - Stop data brokers from facilitating discrimination.
   - Regulate non-FCRA-covered fraud scoring.
3. EPIC also encourages CFPB to seek more public input and collaborate with other organizations to further regulate data brokers.