In a letter to the CFPB, TCH and BPI provided detailed recommendations to the CFPB to increase consumer protections when customers share their personal financial data. The letter repeats TCH’s long-standing recommendation that screen scraping and credential-based access should end by explicitly prohibiting these practices by third parties once consumer data is available on a data provider’s developer interface. Consumers should also always receive the full protections of the rule, even if their data is collected by screen scraping. The letter recommends that third parties should always be required to provide the consumer disclosures of the rule, receive a consumer’s express informed consent to data sharing, and abide by the rule’s other consumer protections regarding collection, use, and retention of data; meet minimum data security standards; obtain a reauthorization every 12 months; and provide consumers with a means to revoke their authorization. The letter also calls for direct supervision by the CFPB of the largest third parties and data aggregators and cautions that the proposal lacks appropriate supervision, liability, and security requirements to protect consumers with regard to payment initiation.
To read the full comment letter click here