White House Withdraws Rule to Restrict Data Brokers Selling Americans’ Sensitive Information

In a significant policy reversal, a senior official from the Trump administration has scrapped a planned rule that would have restricted data brokers from selling Americans’ personal and financial information, including highly sensitive data such as Social Security numbers.

The Consumer Financial Protection Bureau (CFPB) initially announced in December 2024 its intention to close a loophole in the Fair Credit Reporting Act (FCRA), a federal law that governs the collection and use of Americans’ personal data by consumer reporting agencies such as credit bureaus and renter-screening companies.

The proposed rule would have treated data brokers like any other company covered under the FCRA, requiring them to comply with the law’s privacy protections. However, the rule was withdrawn early June 2025, as noted in the Federal Register.

Russell Vought, the CFPB’s acting director and also head of the White House’s Office of Management and Budget, stated that the rule was “not aligned with the Bureau’s current interpretation” of the FCRA, signaling a shift in regulatory stance.

Data brokers operate within a multibillion-dollar industry that collects and sells vast amounts of personal and financial information about Americans. This data is often sold without individuals’ explicit consent to other companies, law enforcement, and intelligence agencies.

The risks of such data collection are underscored by recent security breaches. In the past year alone, at least two data brokers suffered hacks that exposed millions of Social Security numbers and sensitive location data, compromising the privacy and safety of countless individuals.

In 2024, the Federal Trade Commission (FTC) took action against several data brokers, banning them from collecting and sharing data without permission following allegations of unlawful tracking.

Privacy advocates have long urged the government to use the FCRA to regulate data brokers more strictly. The recent cancellation of the CFPB’s rule comes shortly after the Financial Technology Association, representing banking and fintech interests, lobbied against the rule, arguing it would hinder fraud detection efforts.

This development highlights the ongoing tension between privacy protections and financial industry interests, raising important questions about how best to safeguard Americans’ sensitive data in an increasingly digital world.

As data breaches and unauthorized data sales continue to threaten personal privacy, the need for clear, enforceable regulations remains critical. Stakeholders from government, industry, and consumer advocacy groups must collaborate to develop balanced policies that protect individuals without stifling innovation.