A senior Trump administration official has reversed course on a proposed plan designed to stop data brokers from selling sensitive personal and financial information about Americans, including their Social Security numbers.
The Consumer Financial Protection Bureau (CFPB) originally announced in December 2024 that it intended to close a loophole in the Fair Credit Reporting Act, the federal legislation that safeguards sensitive personal data collected by consumer reporting companies, such as credit bureaus and tenant-screening services. The planned rule would have brought data brokers in line with other entities governed by the Act, compelling them to adhere to stringent privacy protections.
However, according to a recent filing in the Federal Register, the proposed rule was withdrawn Tuesday morning. Acting CFPB director Russell Vought, who also serves as head of the White House’s Office of Management and Budget, argued the policy “is not aligned with the Bureau’s current interpretation” of the Fair Credit Reporting Act.
The withdrawn rule was intended to curb the multi-billion-dollar data brokerage industry, where businesses gather extensive personal and financial information about individuals and sell it without explicit consent, often to corporations, law enforcement agencies, or intelligence services. Privacy advocates have long pushed for broader regulatory enforcement under the existing act to limit this practice.
Over the past year, vulnerabilities in data broker databases have emerged prominently into public view. At least two significant breaches resulted in the exposure of millions of Social Security numbers and the theft of detailed and sensitive location data, compromising the privacy and security of millions of people.
In response to widespread concerns, the Federal Trade Commission took disciplinary actions against several prominent data brokers throughout 2024, banning some from collecting and sharing personal information without consent, following accusations of illegally tracking and marketing the public’s data.
The CFPB move to scrap the privacy regulation follows closely on a public call from the Financial Technology Association, an influential lobbying group representing financial institutions and fintech firms. In its letter to Vought, the association asserted the planned restrictions would harm industry’s ability to detect and combat fraud.
The CFPB has not yet responded to requests for further comment on the decision.
