A new draft bill from House Financial Services Ranking Member Patrick McHenry, R-N.C., lays the groundwork for how the GOP will tackle financial data privacy if the party wins back the majority in the chamber this November.
The discussion draft, shared exclusively with CNBC, would modernize a financial data protection law known as the Gramm-Leach-Bliley Act to cover data aggregators in addition to financial institutions and require more transparency with customers. Such changes could end up applying to fintech companies like Plaid or Intuit’s Mint.
The text comes on the same day that lawmakers on the House Energy and Commerce Committee marked up the American Data Privacy and Protection Act, a new bipartisan framework that has launched digital privacy back into the limelight just as Congress prepares to wrap up for its August recess. While the push for a federal privacy law has had many stops and starts in the past, the new text provided a renewed spark behind the effort as it included compromises on key issues that had previously stalled talks.
The draft aims to update a targeted part of the law and broaden it so it would remain relevant even in the face of further innovation, according to a senior Republican staffer for the Financial Services Committee not authorized to speak on the record.
“We didn’t want to start with a really prescriptive and restrictive model that’s going to prevent developers from building a new app or fine-tuning your app, creating new products,” the staffer said. “But we wanted to make sure that consumers had all of the information to make smart choices about what they are willing to share and what they are not willing to share.”
The discussion draft would require the financial institutions to tell customers when their nonpublic personal information is being collected, not just when it’s being disclosed to third parties.
It also would allow consumers to tell financial institutions and data aggregators to stop collecting their data or delete the data they have. In addition, it would expand the definition of personally identifiable nonpublic information subject to the law and companies covered by the bill would have to give consumers the ability to opt out of data collection if it isn’t necessary to provide service.
The draft bill allows for federal agencies to create rules that take into consideration the potentially higher burden of compliance on smaller firms. It would also preempt state law to create a national standard, something that some Democrats have rejected in other privacy discussions because they see the states as important places to expand protections on top of federal law.
“This proposal will modernize the current framework to better align with evolving technology and protect against the misuse or overuse of consumers’ personal information,” McHenry said in a statement. “I look forward to continuing to work with my colleagues on this discussion draft to secure Americans’ privacy without strangling innovation.”