CFPB Retracts 2024 Rule Limiting Sale of Personal Data by Brokers

TL;DR

The Consumer Financial Protection Bureau (CFPB) has withdrawn a 2024 rule designed to limit the sale of Americans’ personal data by data brokers. This decision, cited as unnecessary for now, leaves consumers vulnerable to data misuse and scams. The rule aimed to protect sensitive information and ensure data brokers complied with federal laws.

CFPB Withdraws 2024 Rule on Data Broker Practices

The Consumer Financial Protection Bureau (CFPB) has decided to withdraw a 2024 rule aimed at limiting the sale of Americans’ personal information by data brokers. This decision was announced in a Federal Register notice published yesterday, stating that legislative rulemaking is not currently necessary or appropriate for addressing the subject matter¹.

The Data Brokerage Industry

The data brokerage industry is a lucrative market, generating an estimated $300 billion in annual revenue. Data brokers collect and sell personally identifiable information (PII), including financial details and personal behavior, often without clear consent from individuals. This practice raises significant concerns about privacy and data security.

Proposed Rule and Its Objectives

The CFPB proposed the rule in December 2024 to curb the sale of sensitive personal and financial information. The rule aimed to restrict the sale of personal identifiers such as Social Security Numbers (SSNs) and phone numbers, ensuring that financial data is shared only for legitimate purposes, such as mortgage approvals, rather than being sold to scammers.

The proposal sought to address serious threats posed by current industry practices, including:

• National security risks
• Surveillance concerns
• Criminal exploitation
• Doxxing
• Protection of personal safety for law enforcement personnel and domestic violence survivors

Compliance and Consumer Protection

The CFPB intended to treat data brokers like credit bureaus and background check companies, requiring them to comply with the Fair Credit Reporting Act (FCRA). This would have mandated data brokers to obtain explicit and separately authorized consumer consent, ensuring greater transparency and control over personal data.

By aligning with the FCRA, the proposal aimed to enhance consumer protection without interfering with existing legal frameworks. This would have required data brokers to:

• Ensure the accuracy and privacy of collected data
• Provide mechanisms for consumers to dispute and correct inaccurate information
• Notify consumers when their data is used for decisions about credit, insurance, or employment
• Face enforcement actions and penalties for non-compliance

Reaction from Watchdog Groups

Acting CFPB Director Russell Vought cited “updates to Bureau policies” as the reason for withdrawing the rule. However, watchdog groups have expressed concern. Matt Schwartz, a policy analyst at Consumer Reports, highlighted the vulnerabilities consumers now face:

“Data brokers collect a treasure trove of sensitive information about virtually every American and sell that information widely, including to scammers looking to rip off consumers.”²

Protecting Personal Information

Cybersecurity risks should not extend beyond headlines. With Malwarebytes Personal Data Remover, users can scan for websites exposing their personal information and delete that sensitive data from the internet.

For more details, visit the full article: source

Conclusion

The withdrawal of the CFPB’s 2024 rule leaves consumers exposed to the risks associated with unregulated data brokerage practices. As the industry continues to profit from personal data, the need for robust consumer protection measures becomes increasingly urgent. Future developments in data privacy legislation will be crucial in safeguarding individuals’ personal information.

References

1. “Protecting Americans From Harmful Data Broker Practices Regulation V; Withdrawal of Proposed Rule”. 2025. Federal Register Notice. Retrieved 2025-05-16. ↩︎

2. Matt Schwartz (2025). “Statement on CFPB Rule Withdrawal”. Consumer Reports. Retrieved 2025-05-16. ↩︎