Demand Progress applauded CFPB Director Rohit Chopra's announcement on Tuesday of a proposed rule that would limit the sale of personal information like Social Security numbers and phone numbers to ensure data brokers don't sell sensitive data to scammers.
Under the rule, the CFPB would clarify that when data brokers sell certain consumer data they are acting as "consumer reporting agencies" as defined by the Fair Credit Reporting Act (FCRA), which requires them to comply with accuracy requirements and maintain safeguards.
"Until now," said Demand Progress, "data brokers have been able to sell our personal information to the highest bidder—including scammers, blackmailers, and stalkers."
Emily Peterson-Cassin, corporate power director for Demand Progress Education Fund, said the agency "should be applauded for standing up to data brokers and working to rein in the sale of sensitive information about us, which can also end up in the hands of foreign governments."
"This groundbreaking rule offers a needed solution for Americans who are sick and tired of being inundated by scam texts, calls, and emails—often from fraudsters who have been able to buy our data for mere pennies," said Peterson-Cassin. "If finalized, this rule would be a major win for the privacy rights of Americans and is the kind of bipartisan, commonsense action that should be protected and encouraged by politicians in both parties."
Demand Progress was also among the groups that tied the announcement to a recent comment by Musk about a report that data brokers sell data about military personnel to unknown buyers for as little as 12 cents.
Musk called the report "concerning" in a Nov. 17 post on X.
"Good news, Elon!" said the organization, informing him of the proposed rule—before warning that Musk's own plan to gut the CFPB would embolden the very data brokers he expressed concern about.
"Guess which federal agency just proposed a rule cracking down on those data brokers selling the data of U.S. military personnel?" added the Electronic Privacy Information Center.
The CFPB said its proposal would also address other "critical threats from current data broker practices," including:
- The ability of countries such as China or Russia to purchase detailed data about government employees, enabling governments to create "detailed dossiers for potential espionage, surveillance, or blackmail operations";
- The targeting of vulnerable consumers like senior citizens and financially distressed people by identity thieves and scammers, who purchase detailed financial profile and use the data to steal retirement savings or commit fraud;
- Violence, stalking, and personal safety threats to domestic violence survivors, judges, or government employees, who can "face grave dangers when their current addresses and phone numbers are readily available for purchase through data brokers."
The CFPB introduced the rule after finding that "data brokers routinely sidestep the FCRA by claiming they aren't subject to its requirements."
U.S. Sen. Ron Wyden (D-Ore.), who for years has called on the CFPB to address the threats of data brokers, toldThe Washington Post that he has concerns the rule won't go into effect once Trump takes office.
"Unfortunately," said Wyden, "it will be up to Trump's CFPB to finalize this."
Bartlett Naylor, a financial policy advocate for Public Citizen, said the proposed protections would protect Americans from the $250 billion-per-year data sales business.
"All of us leave our financial fingerprints everywhere, every day, between credit card swipes, internet communications, and more. Thieves, loan sharks, stalkers, even foreign espionage agents can exploit gaping holes in credit reporting enforcement that the CFPB is rightly proposing to repair," said Naylor.
"A Republican-led congressional committee investigated this last year, a reminder that this isn't a partisan issue," Naylor added. "No one should side with data predators."