Crypto Advocacy Organization Urges CFPB to Adopt "Consumer-Centric" Framework
Commentary by Steven Lofchie
The Crypto Council for Innovation ("CCI"), a non-profit advocating for inclusive regulation, urged the Consumer Financial Protection Bureau ("CFPB") to adopt a "consumer-centric, innovation-friendly framework" for financial data access.
CCI's comment letter was a response to the CFPB's Advance Notice of Proposed Rulemaking on Personal Financial Data Rights, which proposed updates to Section 1033 of the Dodd-Frank Act governing how consumers access and share their financial data. CCI urged the agency to strengthen consumer autonomy, promote open banking, and support digital asset innovation. The CCI called the CFPB’s review a pivotal step toward creating a consumer-centered data framework.
The CCI emphasized that consumer access to and control over financial data is vital to Fintech innovation, enabling users to connect accounts, compare services, and adopt new financial tools. The organization argued that permissioned data access supports the crypto and Web3 ecosystem by allowing seamless movement between traditional and decentralized platforms. The CCI cautioned that fees or restrictive standards could hinder competition and limit consumer participation. The CCI urged the CFPB to preserve open, low-cost, and standardized access to maintain Section 1033 as a bridge between traditional finance and Web3 innovation.
CCI also addressed the following issues raised by the proposed rulemaking:
- Scope of Who May Make a Request. The CCI urged the CFPB to permit any entity acting as a consumer’s authorized representative, including Fintech and crypto service providers, to access financial data when properly authorized. The CCI cautioned against fiduciary obligations or licensing regimes that could favor incumbents and limit innovation.
- Defrayment of Costs. The CCI insisted that the CFPB maintain the prohibition on charging consumers fees to access or share their financial data. The CCI emphasized that Section 1033 grants this right unconditionally and that fees would distort competition and discourage participation in new financial ecosystems.
- Information Security. The CCI called for outcomes-based, technology-neutral security standards emphasizing encryption, limited access, and multi-factor authentication. The CCI also recommended a tiered liability framework reflecting the actual risk of each activity rather than a uniform standard.
- Privacy Concerns. The CCI advocated for privacy protections grounded in user agency, data minimization, transparent consent, and simple revocation. The CCI opposed annual reauthorization requirements, instead supporting an inactivity-based approach that would automatically revoke access after a defined period of non-use. The CCI also endorsed allowing secondary data use with explicit consumer consent to promote innovation while maintaining trust and control.
Commentary
The government puts itself in a difficult position when it goes into the business of mandating prices and business terms. Leaving aside the economic issues, there are complicated issues as to privacy and data security.