Welcome to the latest Truth in Privacy dispatch, Consumer Watchdog’s tech and privacy newsletter.
There is a new threat to financial data privacy, and it comes in the form of a proposed federal law that only appears to protect consumer data privacy.
Tentatively dubbed “the Financial Data Privacy Bill,” the draft legislation amending the Gramm-Leach-Bliley Act (GLBA) before the House Financial Services Committee seeks to provide uniform framework regarding how financial service companies must handle data deletion requests and inform consumers about what is collected about them.
But much like the dormant federal American Data Privacy and Protection Act, the new draft legislation would preempt stronger state privacy laws, give a pass to companies that buy and sell personal data, and handicap the public’s right to sue in court. If you’re looking for a strong federal privacy law, this isn’t it.
The bill rewrites a section of the GLBA to allow preemption of any state law that regulates the collection and disclosure of personal information, and data breach notifications by financial companies. In California, this includes the California Consumer Privacy Act (CCPA) and the California Financial Information Privacy Act, which has been law for 20 years. California has stronger breach notification standards than GLBA, which doesn’t require depository institutions to send a notification if they determine that misuse of the information is not “reasonably possible.” Further, state laws like CCPA allow consumers to seek remedy in court. Under CCPA, consumers can sue for data breaches. Preemption will take away existing protections for Californians and stop states from adopting new ones.
The law would also shield “data aggregators,” or data brokers, who buy and sell consumer financial data. These third-party companies would face no liability under GLBA.
Look no further to the banking industry’s support of the legislation as evidence of its lack of pro-consumer protections. During testimony Wednesday before the House Financial Services Committee, the American Banking Association, the trade group doing Wall Street’s bidding, said it supports the bill precisely because of state preemption and application to data aggregators.
“ABA supports several aspects of the draft, including, for example, the addition of meaningful preemption and additional clarity about the application of the GLBA to data aggregators,” according to the ABA’s testimony
The proposal is picking up opposition from several public interest groups, including the plaintiff bar-fronted American Association for Justice, Consumer Federation of America, Consumer Action, National Consumer Law Center, U.S. Pirg, and Epic. The California Privacy Protection Agency, which regulates the newly amended California Consumer Privacy Act, has also expressed opposition to the new financial data privacy bill.