The White House hosted a roundtable meeting Tuesday on the data brokering industry as a part of an administration-wide push toward strengthening America’s consumer privacy landscape. The meeting brought together researchers, regulators, and consumer advocates. The Biden-Harris Administration has called for stronger national regulations on data brokering, or the buying and selling of personal consumer data. Data brokers have been implicated in sharing extremely sensitive data without the subject’s knowledge. For example, we previously reported on a Federal Trade Commission (FTC) suit against a broker for allegedly selling personal geolocation data that indicated the subjects’ places of worship and visits to reproductive health clinics.

In a tandem announcement, the Consumer Financial Protection Bureau (CFPB) announced that it is considering new regulations empowered by the Fair Credit Reporting Act (FCRA). The CFPB proposes classifying certain data brokers as consumer reporting agencies under the FCRA. This would subject those data brokers dealing in the broad categories of data covered by the FCRA to increased oversight and restrictions on improper use. The regulations will also clarify to what extent “credit header data,” or data gleaned from credit reports and circulated by data brokers, is a consumer report per FCRA. These regulations are in the pre-proposal stage, and the CFPB is asking small business owners for input.

If enacted as described, these regulations may be a much-needed win for American consumer privacy. There is no overarching privacy legislation at the federal level, and only a few states (among them California and Vermont) currently try to regulate the wild west of data brokering and surveillance capitalism.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.