What is big tech intending to do with all the data that it gathers from consumers’ purchases? Better yet, since much of this isn’t a new activity, what has it been doing with the data? That’s what the Biden administration wants to find out via the newly reinvigorated Consumer Financial Protection Bureau.
Financial institutions may applaud the sweeping investigation — and at least two banking trade groups have done so publicly — but this dragnet could just as easily be used to explore bank data practices.
Ever since the now-clichéd phrase “Data is the new oil” was first uttered it’s been pretty obvious that many organizations intended to profit from their data gathering directly or by selling insights based on people’s payment patterns. Other clichés, such as, “If you aren’t paying for the product, then you are the product,” have come to be givens in the age of ecommerce.
Indeed, before Google pulled the plug on its original conception of its Google Plex partnerships with banks and credit unions, commentators frequently said the program wasn’t about Google getting into banking at all, but was about mining the data that consumer financial accounts would yield.
Given the fact that new Consumer Financial Protection Bureau Director Rohit Chopra has a history of distrusting big tech from his time as a member of the Federal Trade Commission, it’s likely that the bureau has a pretty good idea of what big tech companies are after with payments data.
What the bureau wants is a big, deep scoop of information from all the major big tech players that are active in payments that it can use to go into audit-level detail.
In October 2021 CFPB issued “market monitoring orders” to six big techs asking how they gather data used by payments channel customers, what they do with it, and how they manage access to the data.
“Little is known publicly about how big tech companies will exploit their payments platforms. For example, will the operators engage in invasive financial surveillance and combine the data they collect on consumers with their geolocation and browsing data? Will they in turn use this data to deepen behavioral advertising, engage in price discrimination, or sell to third parties?”
— Rohit Chopra, CFPB
Read More: CFPB’s New Director is No Fan of Banks
Digging Deep into Big Techs’ Payments Channels and Third-Party Relationships
This inquiry draws on special powers granted to the bureau under the Dodd-Frank Act, giving it the ability to delve into activities not under its everyday supervisory functions: “The bureau will have the authority to gather information from time to time regarding the organization, business conduct, markets, and activities of persons operating in consumer financial services markets.”
The bureau is seeking answers at a detail level similar to bank examinations. The Act also allows the bureau to publish information gathered in the course of inquiries, though it must also address confidentiality issues.
A Plethora of Questions:
Questionnaires running 17 pages, at a level of detail reminiscent of a subpoena, went to each big tech.
The six companies:
- Amazon (Amazon Pay and branded credit cards).
- Apple (Apple Card, Apple Pay and its entrance into buy now, pay later financing).
- Facebook (Novi).
- Google (Google Pay).
- PayPal (its growing family of products, including the “superapp” it is building and P2P player Venmo).
- Square, which has its hand in business and consumer payments and now also owns an industrial bank.
Besides answers to the document’s specific queries, the companies are being asked to provide copies of relevant company policies and manuals. The document asks questions regarding the role of third parties in payments products. In addition, all documents, from presentation decks to memos, related to development of payments products at the company are also being requested, including materials relating to future plans.
The questionnaire also gets into how businesses are using the tech companies’ payment channels, including the role of discounts, promotions and other benefits used to encourage use of the services.
A key section seeks information on how data is used and how it is combined with other company data and external data and why the company is harvesting such data in the first place.
Other sections dig into monetization and sharing of data by the company.
The CFPB project will also examine data gathering by Chinese firms. “In China, we can already see the long-term implications of these forces,” Chopra stated. “Alipay and WeChat Pay are deeply imbedded into the lives of the Chinese public, combining messaging, e-commerce and payment functionality into super-apps. In such a market, consumers have little choice but to use these apps and little market power to shape how their data is used.”
Read More about the Washington Scene:
- Will Regulators ‘De-Bank’ Neos, Cryptos & Fintechs?
- Bank Regulator Sees Cryptocurrency Innovation Creating ‘Fool’s Gold’
Reactions to CFPB’s Queries from Ecommerce and Banking Groups
None of the six big techs issued statements regarding the bureau inquiry. Observers have suggested that the Dec. 15, 2021, deadline for providing all answers isn’t much time and that the companies will likely seek an extension.
The Electronic Transactions Association represents most of the six companies and concentrated on data security in commenting. “The digital transactions industry has a good story to tell about its efforts to protect consumer data,” the association stated.
The Bank Policy Institute said it “strongly supports the CFPB’s efforts to increase accountability from big tech companies operating payment systems in the United States by calling on these companies to be transparent about how they collect, use and sell consumer data to ensure compliance with existing consumer protection laws.”
The Consumer Bankers Association greeted the announcement, stating that “a growing share of banking activity has occurred outside of the purview of leading regulators, putting consumers and the resiliency of the financial system at risk.”