LOS ANGELES - The Consumer Financial Protection Bureau (CFPB) has withdrawn a proposed rule designed to limit how U.S. data brokers collect and sell Americans' sensitive personal information, the agency confirmed in a notice published Tuesday in the Federal Register.

The rule, titled "Protecting Americans from Harmful Data Broker Practices," would have required consent before data brokers could sell key information like credit history, income, or Social Security numbers. Originally introduced in December 2024 under former director Rohit Chopra, the rule was billed as an effort to close regulatory gaps in commercial surveillance.

Acting Director Russell Vought wrote that the proposal was being pulled due to "updates to Bureau policies" and a shift in how the agency currently interprets the Fair Credit Reporting Act (FCRA), which he said the CFPB is in the process of revising.

The decision comes after the bureau received over 600 public comments on the rule and follows lobbying from fintech industry groups, including the Financial Technology Association. In a letter sent Monday, the group argued the rule exceeded the agency's statutory authority and could hinder fraud detection by financial institutions.

The backstory:

Data brokers operate within a multibillion-dollar industry built around collecting and reselling detailed profiles of Americans, often without their knowledge or consent. These profiles can include location history, political and religious beliefs, and financial behavior.

The now-withdrawn rule sought to require data brokers to comply with standards similar to those imposed on credit reporting agencies. Under current law, most brokers fall outside the scope of the FCRA unless their data is used in credit, insurance, or employment decisions.

A 2023 study funded by the U.S. Military Academy at West Point warned that the unchecked sale of personal data posed a threat to national security, citing the ability of foreign actors to exploit sensitive information about U.S. military personnel.

In a statement provided to Wired, Sean Vitka, executive director of Demand Progress, said: "Russell Vought is undoing years of painstaking, bipartisan work in order to prop up data brokers' predatory, and profitable, surveillance of Americans."

What they're saying:

Naveed Shah, an Iraq War veteran and political director at Common Defense, said the decision to drop the rule puts service members and their families at risk.

"For the sake of military families and our national security, the administration must reverse course and ensure that these critical privacy protections are enacted," Shah said.

Caroline Kraczon, a fellow at the Electronic Privacy Information Center, added: "Data brokers inflict severe harm on individuals by degrading privacy, threatening national security, enabling scams and fraud, endangering public officials and survivors of domestic violence, and putting immigrant populations at risk."

What's next:

More than 1,400 CFPB employees were terminated last month as part of a broader reorganization under the Trump administration. Elon Musk, who heads the White House's Department of Government Efficiency, has advocated for the elimination of the CFPB entirely.

Vought, who also serves as director of the Office of Management and Budget, has not responded to questions about whether any replacement rules are being considered.