GOP bill would tighten rules for financial firms using customer information

Representative Patrick McHenry, a Republican from North Carolina and a senior member of the House Financial Services Committee, speaks during a hearing in Washington, D.C.

Andre Harrer | Bloomberg | Getty Images

A new bill from House Financial Services Ranking Member Patrick McHenry, R.C., lays the groundwork for how the GOP will address financial privacy if the party regains a majority in the House in November .

The draft discussion, shared exclusively with CNBC, would modernize a financial data protection law known as the Gramm-Leach-Bliley Act to cover data aggregators in addition to financial institutions and require more transparency with customers. Such changes could end up applying to fintech companies like Plaid or Intuit’s Mint.

The text comes the same day lawmakers on the House Energy and Commerce Committee annotated the US Data Privacy and Protection Act, a new bipartisan framework that has put digital privacy back in the spotlight. ramps up as Congress prepares to wrap up its August recess. . While the push for a federal privacy law has seen many stops and starts in the past, the new text provided a renewed spark behind the effort as it included compromises on key issues. who had previously stalled the talks.

The project aims to update a targeted part of the law and expand it so that it remains relevant even in the face of new innovations, according to a senior Republican official on the Financial Services Committee not authorized to speak officially.

“We didn’t want to start with a really prescriptive, restrictive model that would prevent developers from creating a new app or refining your app, creating new products,” the staffer said. “But we wanted to make sure consumers had all the information they needed to make wise choices about what they’re willing to share and what they’re not.”

The draft discussion would require financial institutions to notify customers when their nonpublic personal information is collected, not just when it is disclosed to third parties.

It would also allow consumers to tell financial institutions and data aggregators to stop collecting their data or delete the data they have. In addition, it would broaden the definition of non-public personally identifiable information subject to the law and companies covered by the bill would have to provide consumers with the ability to opt out of data collection if it is not necessary to provide a service.

The bill allows federal agencies to create rules that take into account the potentially higher compliance burden for small businesses. It would also prevent state law from creating a national standard, which some Democrats have rejected in other privacy discussions because they see states as important places to expand protections on top of federal law.

“This proposal will modernize the current framework to better align with evolving technology and protect against misuse or overuse of consumers’ personal information,” McHenry said in a statement. “I look forward to continuing to work with my colleagues on this discussion project to protect Americans’ privacy without stifling innovation.”

Subscribe to CNBC on YouTube.

WACH: What you know about passwords may be wrong

Lance B. Holton