In a quiet yet deeply consequential move, the Trump administration has shelved a proposed rule that would have prevented data brokers from freely selling Americans’ personal and financial information, including sensitive data like Social Security numbers. The decision, made by the Consumer Financial Protection Bureau (CFPB), has drawn sharp criticism from privacy advocates who say the rollback exposes millions of Americans to increased data exploitation.
The regulation, originally introduced in December 2024 by the Biden-era CFPB, aimed to bring data brokers under the same legal framework that governs credit reporting agencies, using the authority of the Fair Credit Reporting Act (FCRA). By treating data brokers like credit bureaus, the rule would have forced them to follow stricter privacy standards—limiting how they collect, use, and share consumer data.
But on Tuesday, the CFPB—now under the leadership of Russell Vought, who also heads the White House Office of Management and Budget—officially rescinded the rule. In a filing with the Federal Register, Vought stated the rule was “not aligned with the Bureau’s current interpretation” of the FCRA.
A Step Back on Data Privacy
The reversal comes as a surprise to many, especially given growing concerns over how personal data is collected and sold in the U.S. With the rise of digital technologies, data brokers have amassed troves of information about nearly every American—from income and debt levels to location history and online behavior.
These companies often gather information from a mix of public records, commercial sources, and online activity, then sell it to advertisers, financial institutions, law enforcement, and intelligence agencies. What alarms critics most is that this often happens without any meaningful consent from the individuals whose data is being shared.
By withdrawing the rule, the CFPB has effectively reinforced the status quo—one where data brokers operate with minimal federal oversight and Americans have little say in how their data is used.
An Industry with Little Accountability
The data broker industry is massive, with firms generating billions of dollars in revenue by trafficking in personal information. Yet despite handling such sensitive material, these companies are not regulated like banks or health providers.
This lack of regulation has led to serious consequences. In 2024 alone, multiple data brokers were targeted in cyberattacks that compromised millions of Social Security numbers and leaked vast amounts of location data, tracking the movements of unsuspecting individuals.
Meanwhile, the Federal Trade Commission (FTC) has been trying to crack down on bad actors in the industry. Over the past year, it banned several firms from collecting and sharing personal data without explicit consent, citing violations of consumer protection laws and invasive tracking practices.
Lobbying Pressure Plays a Role
The timing of the CFPB’s decision appears far from coincidental. Just days before the rule was pulled, the Financial Technology Association—a lobbying group representing non-bank fintech firms—urged the administration to abandon the proposal. In a letter to Vought, the group argued that the rule would “undermine efforts to detect and prevent fraud,” claiming that access to consumer data is critical for financial institutions.
Their lobbying campaign seems to have paid off. The CFPB quietly dropped the rule shortly after receiving the letter, raising concerns that industry interests were prioritized over public protections.
Public Backlash and Growing Frustration
Privacy advocates are sounding the alarm, saying the move is a major setback for consumer rights. For years, experts have urged the government to apply the FCRA to data brokers, arguing that the law already provides the tools to regulate how consumer information is collected and used.
“This was a chance to bring some transparency and accountability to an industry that desperately needs it,” said one privacy advocate. “Instead, we’re left with a system where our most personal information is bought and sold without our knowledge.”
Critics also took issue with the lack of transparency surrounding the decision. The CFPB made no public announcement and offered no opportunity for comment, a move some see as an attempt to avoid scrutiny.
A Cloudy Future for Consumer Data Protections
With the proposed rule now off the table, the path forward for regulating data brokers remains uncertain. Although the FTC has stepped up enforcement in some cases, there is no single federal law that comprehensively governs how personal data is collected, shared, or sold in the U.S.
In recent years, states like California and Colorado have passed their own data privacy laws, but the patchwork approach leaves major gaps and inconsistencies in protections across the country.
Federal lawmakers have introduced various data privacy bills, but most have stalled amid partisan gridlock and heavy lobbying from tech and financial industries.
