InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB Director speaks on new and proposed rules for “data brokers”
On April 2, the Director of the CFPB, Rohit Chopra, delivered a speech at the White House Office of Science and Technology Policy highlighting President Biden’s recent Executive Order (EO) to Protect Americans’ Sensitive Personal Data and how the CFPB will plan to develop rules to regulate “data brokers” under FCRA. As previously covered by InfoBytes, the President’s EO ordered several agencies, including the CFPB, to better protect Americans’ data. Chopra highlighted how the EO not only covered data breaches but also regulated “data brokers” that ingest and sell data. According to the EO, “Commercial data brokers… can sell [data] to countries of concern, or entities controlled by those countries, and it can land in the hands of foreign intelligence services, militaries, or companies controlled by foreign governments.”
Consistent with the President’s EO, the CFPB will plan to propose rules this year that will regulate “data brokers,” as per its authority under FCRA. Specifically, the proposed rules would include data brokers within the definition of “consumer reporting agency”; further, a company’s sale of consumer payment or income data would be considered a “consumer report” subject to requirements, like accuracy, customer disputes, and other provisions prohibiting misuse of the data.
White House orders DOJ and CFPB to better protect citizens’ sensitive personal data
On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”
A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.
White House provides three-month update on its AI executive order
On January 29, President Biden released a statement detailing how federal agencies have fared in complying with Executive Order 14110 regarding artificial intelligence (AI) development and safety. As previously covered by InfoBytes, President Biden’s Executive Order from October 30, 2023, outlined how the federal government can promote AI safely and in a secure way to protect U.S. citizens’ rights.
The statement notes that federal agencies have (i) used the Defense Production Act to have AI developers report vital information to the Department of Commerce; (ii) proposed a draft rule for U.S. cloud companies to provide computing power for foreign AI training, and (iii) completed risk assessments for “vital” aspects of society. The statement further outlines how the NSF (iv) managed a pilot program to ensure that AI resources are equitably accessible to the research and education communities; (v) began the EducateAI initiative to create AI educational opportunities in K-12 through undergraduate institutions; (vi) promoted the funding of a new Regional Innovation Engines to assist in creating breakthrough clinical therapies; (vii) the OPM launched the Tech Talent Task Force to accelerate hiring data scientists in the government, and (viii) the DHHS established an AI Task Force to provide “regulatory clarity” in health care. Lastly, the statement provides additional information on various agency activities that have been completed in response to the Executive Order. More on this can be found at ai.gov.
President Biden vetoes bill on CFPB small business data rule
On December 19, President Biden vetoed bill S. J. Res. 32 that would have repealed the CFPB’s small business data collection rule known as “Small Business Lending Under the Equal Credit Opportunity Act (Regulation B).” As previously covered by InfoBytes, the small business data collection rule, under Section 1071 of the Dodd-Frank Act, requires small business owners to provide demographic data (i.e., race, gender, ethnicity, etc.), as well as geographic information, lending decisions, and credit pricing to lenders. According to President Biden’s statement accompanying the veto, the CFPB’s final rule brings “transparency to small business lending” and repealing this rule would “hinder” the government’s ability to conduct oversight of predatory lenders. The bill is now to be returned to the Senate to be voted on again and can only become law if two-thirds of members support the bill. Separately, in October, a U.S. District Court in Texas imposed an injunction on the CFPB’s small business data rule (covered by InfoBytes here).
CFPB’s Language Access Plan breakdown for consumers with limited English proficiency
On November 15, the CFPB issued a report, titled “The CFPB Language Access Plan for consumers with limited English proficiency,” on expanding consumer needs in the financial marketplace for individuals with limited English proficiency. The CFPB released this report consistent with the mandates under E.O. 13166 to “educate and empower all consumers, provide information and assistance to traditionally underserved consumer and communities, enforce fair lending laws, and promote an equitable workforce for all consumers.”
The CFPB cites that 22 percent of the U.S. population over the age of five speak a language other than English at home. The CFPB commits itself to ensuring that tools, programs, and services are available to those who need language assistance by (i) understanding the needs of the population; (ii) conducting outreach and engagement; (iii) providing products and services in eight different languages other than English; and (iv) promoting fair and equitable access to the financial marketplace.
The CFPB’s report also lists several public enforcement actions involving communicating with consumer with limited English proficiency. The report mainly outlines how well the agency does in addressing the diverse language needs of the U.S. population, including translated disclosures, websites, and outreach and engagement sessions.
President Biden issues Executive Order targeting AI safety
On October 30, President Biden issued an Executive Order (EO) outlining how the federal government can promote artifical intelligence (AI) safety and security to protect US citizens’ rights by: (i) directing AI developers to share critical information and test results with the U.S. government; (ii) developing standards for safe and secure AI systems; (iii) protecting citizens from AI-enabled fraud; (iv) establishing a cybersecurity program; and (v) creating a National Security Memorandum developed by the National Security Council to address AI security.
President Biden also called on Congress to act by passing “bipartisan data privacy legislation” that (i) prioritizes federal support for privacy preservation; (ii) strengthens privacy technologies; (iii) evaluates agencies’ information collection processes for AI risks; and (iv) develops guidelines for federal agencies to evaluate privacy-preserving techniques. The EO additionally encourages agencies to use existing authorities to protect consumers and promote equity. As previously covered by InfoBytes, the FCC recently proposed to use AI to block unwanted robocalls and texts). The order further outlines how the U.S. can continue acting as a leader in AI innovation by catalyzing AI research, promoting a fair and competitive AI ecosystem, and expanding the highly skilled workforce by streamlining visa review.
California governor signs executive order on GenAI
On September 6, California Governor Gavin Newsom signed an Executive Order (E.O.) instructing state agencies to evaluate how generative artificial intelligence (GenAI) may impact the State and its residents. Specifically, the E.O. requires certain state agencies to provide a report to the Governor which will examine “the most significant, potentially beneficial uses” of GenAI tools by the state. The report must also discuss “the potential risks to individuals, communities, and government and state government workers” from GenAI tools. Certain California agencies, including the Department of Technology, must perform a “risk analysis of potential threats to and vulnerabilities of California’s critical energy infrastructure by the use of GenAI.” The E.O. also requires that the State issue “general guidelines for public sector procurement, uses, and required training for use of GenAI,” and consider pilots of GenAI projects to be tested in “sandboxes.” Lastly, the E.O. directs the State to pursue a formal partnership with certain California higher education institutions to study the impacts of GenAI and support its safe growth.
Biden E.O. labels China as a country of concern; Treasury issues ANPR
On August 9, the White House announced that President Biden signed an Executive Order on Addressing United States Investments In Certain National Security Technologies and Products In Countries of Concern (E.O.). The President explained his view that some countries create national security risks by using particular technologies to advance their “military and defense industrial sectors” rather than civilian and commercial sectors. Biden stated that although open global capital flows substantially benefit the U.S., the E.O. stated that certain investments may “accelerate and increase the success of the development of sensitive technologies and products in countries that develop them to counter United States and allied capabilities.” The E.O. directs the Secretary of the Treasury to issue regulations that (i) prohibit U.S. persons from participating in specific transactions associated with particular technologies and products that present a significant and urgent risk to national security; and (ii) mandate U.S. persons to notify the Treasury about different transactions related to specific technologies and products that may contribute to the national security threat. The annex to the E.O. identifies China, including Hong Kong and Macau, as the sole nation warranting concern. The E.O. also requires the Secretary to communicate with Congress and the public regarding the E.O., consult with other agency leaders, assess whether to amend the regulations within one year, and provide reports to the President and Congress.
The Treasury simultaneously issued an Advance Notice of Proposed Rulemaking, requesting public comment on the implementation of the E.O., along with proposed definitions of key terms, before the program goes into effect. Written comments may be submitted within 45 days here.
OFAC adds regulations on Chinese military companies and WMDs
On February 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it is adding regulations to implement a November 2020 Executive Order (E.O.), which is related to securities investments that finance Communist Chinese military companies, as amended by a June 2021 E.O. related to the Chinese military-industrial complex and Chinese surveillance technology. As previously covered by InfoBytes, President Biden issued E.O. 14032, “Addressing the Threat from Securities Investments that Finance Communist Chinese Military Companies.” The E.O. took additional steps pursuant to the national emergency declared pursuant to E.O. 13959 (covered by Infobytes here), including the threat posed by the military-industrial complex of the People’s Republic of China (PRC) and “its involvement in military, intelligence, and security research and development programs, and weapons and related equipment production under the PRC’s Military-Civil Fusion strategy.” According to OFAC, with respect to the recent regulations, the agency “intends to supplement these regulations with a more comprehensive set of regulations, which may include additional interpretive guidance and definitions, general licenses, and other regulatory provisions.” The regulations took effect February 16.
Additionally, OFAC announced that it is publishing an amendment to the Weapons of Mass Destruction Proliferators Sanctions Regulations “to revise an existing general license authorizing the provision of certain legal services and add a general license authorizing payments for legal services from funds originating outside the United States.” (Covered by InfoBytes here.) The amendment also took effect February 16.
HUD to “fully enforce” prohibition against sex- and gender-based discrimination
On February 11, HUD announced that it will administer and enforce the Fair Housing Act (FHA) to prohibit discrimination on the basis of sexual orientation and gender identity, in response to President Biden’s Executive Order (E.O.) 13988. According to a memorandum issued by HUD’s Acting Assistant Secretary for Fair Housing & Equal Opportunity (FHEO), the E.O. directs federal agencies to assess actions taken under federal statutes that “prohibit sex discrimination and to fully enforce those statutes to combat discrimination based on sexual orientation and gender identity,” in response to the recent Supreme Court opinion in Bostock v Clayton County (holding that prohibitions against sex discrimination in the workplace contained in Title VII of the Civil Rights Act of 1964 extend to and include discrimination on the basis of sexual orientation and gender identity). The memorandum notes that “the [FHA’s] sex discrimination provisions are comparable in text and purpose to those of Title VII of the Civil Rights Act,” thus HUD intends to enforce the FHA to prevent and combat similar discrimination. The memorandum directs HUD’s Office of Fair Housing and Equal Opportunity to, among other things, (i) “accept and investigate all jurisdictional complaints of sex discrimination, including discrimination because of gender identity or sexual orientation…”; (ii) “conduct all activities involving the application, interpretation, and enforcement of the [FHA]’s prohibition on sex discrimination consistent with its conclusion that such discrimination includes discrimination because of sexual orientation and gender identity”; and (iii) ensure FHEO regional offices and other associated agencies review, within 30 days, all allegations of alleged discrimination based on gender identity or sexual orientation received since January 20, 2020.