Privacy & Information Security Law Blog

On January 10, 2025, the U.S. Consumer Financial Protection Bureau (“CFPB”) invited public comment on strengthening privacy protections for, and a proposed interpretive rule extending financial consumer protections to, emerging payment mechanisms. The agency’s request for information (“RFI”) aims to clarify how existing financial privacy laws apply to emerging consumer payment mechanisms, including digital currencies and gaming platforms. Additionally, the agency issued a proposed interpretive rule (“Proposed Rule”) meant to extend financial consumer protections against errors and fraud to emerging payment mechanisms. 

The CFPB’s RFI focuses on how companies collect, use and share consumer financial data. The agency’s research indicates that some digital payment platforms collect more data than necessary to complete transactions, often integrating this data with broader consumer information such as location and browsing history. This practice raises concerns about personalized pricing and potential consumer harm. The CFPB is evaluating whether existing regulations, such as the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, sufficiently address modern data surveillance practices.

In addition to privacy concerns, the CFPB has issued the Proposed Rule to clarify the application of Regulation E of the Electronic Fund Transfer Act to emerging payment mechanisms. Regulation E provides consumer protections against errors and unauthorized transactions in electronic fund transfers. The proposed rule would expand key definitions within Regulation E to include:

• Financial Institutions: Extending coverage to nonbank entities that facilitate electronic fund transfers.
• Funds: Broadening the definition to encompass digital assets that function as a medium of exchange, including stablecoins and similar payment instruments.
• Accounts: Expanding the definition to cover virtual currency wallets, gaming accounts and credit card rewards points used for transactions.

The CFPB’s proposal highlights the growing role of digital payment options beyond traditional banking systems and seeks to ensure consumer protection measures apply consistently across emerging platforms.

Public comments may be submitted on the Proposed Rule by March 31, 2025, and the RFI by April 11, 2025.