Tell the CFPB: Protect Our Financial Privacy
The Consumer Financial Protection Bureau (CFPB)
Have you used an app like Venmo, PayPal, Zelle, Apple Pay, Google Pay, or Cash App recently to transfer money to a friend, pay for something online or in-person? If the answer is yes, then you should know that these apps do not have to comply with the same rules as your bank and credit card company. There are rules about what information traditional financial institutions can share with others but at this point they don't apply to apps like Venmo so they could be giving access to all your financial data to anyone willing to pay for it. This is a big problem when it comes to your privacy. What you're paying for can be shared with anyone PayPal wants to sell it to and could be used in manipulative and biased ways.
The good news is that we can change this. The Consumer Financial Protection Bureau (CFPB)—the agency that keeps consumers like us safe from abusive financial practices—is working on a rule to make sure those apps have to protect your privacy. They’ve launched a rulemaking process that would allow the CFPB to supervise digital wallet and payment app providers. The companies will be fighting against this rulemaking so the CFPB needs to hear from everyone who supports these new rules. The more the CFPB hears from people that this will be good for them, the more they can enact stronger privacy rules. Submit a comment NOW demanding that the CFPB protect our financial privacy.Sponsored by
To:
The Consumer Financial Protection Bureau (CFPB)
From:
[Your Name]
To the CFPB:
I am writing about your proposed rule “Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications” which will ensure the supervision of digital payment apps like Venmo, PayPal, Zelle, Apple Pay, Google Pay, and Cash App. I use apps like this in my everyday life, so it’s good news to hear that the agency will be taking steps to ensure protection for consumers like me. My financial information is very important to me and should be kept private, not at risk of being exploited or shared with others I do not consent to. I hope the CFPB rulemaking will take steps to ensure financial privacy and protect users like me by:
Preventing unnecessary data collection: Many harms directly result from the unfair and deceptive mass collection, use, and sharing of peoples’ (financial) data by Big Tech companies and financial institutions. In order to protect consumers from such harms, the CFPB must address how users’ financial information is collected, stored, used, managed, and retained. Most users are unable to read and understand the privacy language and policies used by these apps. This means that as users, we often do not understand how our data could be collected, tracked, used, and stored. Companies are able to collect large amounts of personally identifiable information, access this information, share it with third parties and use it to predict user behavior. This can result in biased practices and policies that negatively impact every user, but in particular, marginalized and vulnerable consumers. To address this, the CFPB should ensure companies are limited in what data they can collect to only what they need. The agency should also require default opt-out for each data type and use case without consequence, loss of service, and/or harm.
Ensuring transparency: Studies have found that digital payment app users could lose money to fraud or scams and face privacy risks because of the large amounts of information collected from users and made available to third parties. They make it difficult for users to identify how much of their data is being collected and fail to provide the ability to request its deletion or limit the data apps have access to. At the same time, these apps often do not offer adequate protection to their users, including failing to reimburse them if they fall victim to fraud due to these inadequate privacy protections. The CFPB should require transparency around digital applications policies including privacy, reimbursement policies and FDIC insurance coverage.
Data security: Frequent cyberattacks highlight how the information companies collect is a target for hackers, data thieves, and other bad actors. This puts peoples’ personal, biometric, financial, and other data at risk. Companies should take meaningful steps to ensure the security of consumer data and clearly state the security options and protections available to consumers using their platforms. This will provide them with information on the level of security offered by various providers as they choose digital payment apps. In order to fully protect consumer data, the CFPB should also require encryption of financial data on all digital payment applications.
I thank the CFPB for launching this rulemaking process and I support its efforts to protect consumer’s financial privacy. However, I urge you to ensure that this proposal actually protects us and does not violate our human rights inadvertently.