The U.S. government has quietly dropped a key initiative to safeguard your personal information, essentially granting data brokers free rein to continue selling highly sensitive data—such as your Social Security number, credit score, and precise location—often without your knowledge or permission.
The Consumer Financial Protection Bureau (CFPB) had been developing a rule that would require data brokers to get your permission before selling this information. Proposed under former CFPB director Rohit Chopra, the regulation aimed to apply the same privacy standards that govern credit bureaus to the booming, largely unregulated data broker industry.
But on Tuesday morning, acting CFPB director Russell Vought formally pulled the proposal. In a low-key notice in the Federal Register, Vought explained that the rule no longer conformed to the agency’s new interpretation of the Fair Credit Reporting Act. No press conference. No formal announcement. Just silence.
Privacy activists and national security officials quickly expressed alarm. “Russell Vought is reversing years of bipartisan effort to support the predatory spying on Americans,” said Sean Vitka, executive director of Demand Progress.
The move came after a letter from the Financial Technology Association (FTA)—a heavyweight lobby group made up of banks, lenders, and fintech companies—encouraging the CFPB to drop the rule. The FTA said the regulation had the potential to slow attempts at stopping financial fraud.
Most Americans have no idea that data brokers are quietly behind the scenes assembling gigantic digital dossiers that track everything from your buying behavior to your political views. They are purchased and sold with scant oversight.
In a single high-profile incident, the Texas Attorney General charged Arity—a company owned by Allstate—with selling driving records from more than 45 million Americans without permission. Another broker, Gravy Analytics, was hit with a significant data breach that potentially shared the movements of politicians and military personnel.
This is not merely a matter of privacy. It’s a matter of bodily safety and national security. Data broker-powered people-search sites are used by domestic abusers to stalk their victims. Foreign adversaries can buy U.S. service members’ data and use it for coercion, blackmail, or stalking. A 2023 study funded by West Point concluded the data broker network is a direct threat to national security.
With the CFPB’s regulation now dead, the status quo holds:
Scam calls, phishing texts, and spam emails will keep on coming.
U.S. military personnel and intelligence professionals are still at risk of foreign tracking.
Your personal data can still be purchased and weaponized by adversary nations.
Abuse survivors can have their private information more accessible than ever before.
Insurance companies can utilize data quietly collected to trigger rate increases—without you even knowing.
Veterans and privacy groups are calling for accountability. Naveed Shah, a veteran of the Iraq War and political director at Common Defense, denounced the action: “For the benefit of military families and our national security, the administration needs to change direction.”
Caroline Kraczon, a consumer protection fellow at the Electronic Privacy Information Center, dubbed the rollback “another assault in the administration’s war on consumers.
The CFPB itself is also being dismantled. More than 1,400 workers were cut last month and only 300 remain. The firings are part of a larger federal shake-up spearheaded by Elon Musk’s Department of Government Efficiency (DOGE). Musk has publicly called on President Trump to close the CFPB altogether.
As watchdogs disappear, Americans are left vulnerable. Private information will keep being sold and purchased. The individuals who were responsible for keeping your privacy safe? Let go. And the individuals making money off of your online activity? Booming.
The bottom line: your private information is still up for sale and now, the enforcer who was meant to keep it under their wing has backed down.