Today, the Consumer Financial Protection Bureau (CFPB or Bureau) filed its decision to withdraw the proposed rule titled “Protecting Americans from Harmful Data Broker Practices (Regulation V)” in the Federal Register. The rescission is scheduled to be published tomorrow. This withdrawal marks a significant shift in the Bureau’s approach to regulating data brokers and other updates to Regulation V under the Fair Credit Reporting Act (FCRA).

The proposed rule, initially published on December 13, 2024, aimed to redefine key terms and expand the scope of the FCRA to improperly include data brokers as consumer reporting agencies (CRAs) as well as make other amendments to Regulation V, including with regards to permissible purpose and disputes. However, the Bureau has now determined that rulemaking is not necessary or appropriate at this time.

In our previous blog post, we delved into the CFPB’s ambitious proposal to expand the FCRA’s reach. The proposal included redefining “consumer report” to encompass a broader range of data, potentially complicating the landscape for companies which would need to navigate these new definitions and ensure compliance. Moreover, the rule sought to impose stringent requirements and restrictions on the permissible purposes for obtaining consumer reports as well as imposing new obligations on dispute handling.

The decision to withdraw the rule follows numerous concerns raised by commenters regarding its alignment with the FCRA and the Bureau’s statutory authority. The CFPB acknowledges that these concerns require careful consideration and has decided not to proceed with finalizing the rule. Instead, the Bureau will revisit the need for such a rule in the future, should it become necessary.

While the term data broker is antiquated and long sense lost any real meaning, companies which fall within the various statutory definitions need to remain vigilant. Troutman Pepper Locke is tracking activity by attorneys general, legislatures, and private litigants.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David N. Anthony David N. Anthony

David Anthony handles litigation against consumer financial services businesses and other highly regulated companies across the United States. He is a strategic thinker who balances his extensive litigation experience with practical business advice to solve companies’ hardest problems.

Read more about David N. AnthonyDavid N.'s Linkedin Profile
Photo of Stefanie Jackman Stefanie Jackman

Stefanie takes a holistic approach to working with clients both through compliance counseling and assessment relating to consumer products and services, as well as serving as a zealous advocate in government inquiries, investigations, and consumer litigation.

Read more about Stefanie JackmanStefanie's Linkedin Profile
Photo of Ethan G. Ostroff Ethan G. Ostroff

Ethan’s practice focuses on financial services litigation and compliance counseling, as well as digital assets and blockchain technology. With a long track record of successful litigation results across the U.S., both bank and non-bank clients rely on him for comprehensive advice throughout their

Ethan’s practice focuses on financial services litigation and compliance counseling, as well as digital assets and blockchain technology. With a long track record of successful litigation results across the U.S., both bank and non-bank clients rely on him for comprehensive advice throughout their business cycle.

Read more about Ethan G. OstroffEthan G.'s Linkedin Profile
Show more Show less
Photo of Kim Phan Kim Phan

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the assessment of breach response obligations following a breach.

Read more about Kim PhanKim's Linkedin Profile
Show more Show less
Photo of Ronald I. Raether, Jr. Ronald I. Raether, Jr.

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application to their business to solve their most important challenges — from implementation and strategy to litigation and incident response. Ron and his team have redefined the boundaries of typical law firm privacy and cyber services in offering a 360 degree approach to tackling information governance issues. Their holistic services include drafting and implementing bespoke privacy programs, program implementation, licensing, financing and M&A transactions, incident response, privacy and cyber litigation, regulatory investigations, and enforcement experience.

Read more about Ronald I. Raether, Jr.Ronald I.'s Linkedin Profile
Show more Show less
Related Posts
DebtBuyers_972743674
Illinois Passes Bill Prohibiting Collection of Coerced Debt
June 11, 2025
 Second Circuit Explains Reasonable Investigation Standard in Identity Theft Case Under FCRA
June 5, 2025
 April 2025 Consumer Litigation Filings: Everything Down
June 2, 2025