US Consumer Financial Protection Bureau opens comment on digital payment privacy and Electronic Fund Transfer Act coverage for emerging mechanisms

The US Consumer Financial Protection Bureau (CFPB) published two public comment notices aimed at applying existing consumer protection and financial privacy requirements to emerging digital payment mechanisms and addressing concerns about data-driven surveillance in payments, particularly on large technology platforms. One notice is a Request for Information on how providers of consumer financial products and services collect, use, share, and protect personal financial data derived from payments, including whether current Gramm-Leach-Bliley Act and Regulation P disclosures and opt-out tools, as well as the Fair Credit Reporting Act framework, are effective in an environment of extensive data collection that can be combined with other consumer data and used for practices such as personalized pricing. The second is a proposed interpretive rule setting out a framework for when the Electronic Fund Transfer Act and Regulation E protections, including error and fraud dispute rights, apply to newer payment mechanisms, including offerings linked to large technology companies, video gaming platforms, and stablecoins and other digital currencies. Comments on the proposed interpretive rule are due by March 31, 2025, and comments on the Request for Information are due by April 11, 2025.