Credit: duyina1990/Adobe
A federal judge in Kentucky has granted a preliminary injunction blocking the Consumer Financial Protection Bureau’s Personal Financial Data Rights Rule, halting its implementation while the agency undertakes a new rulemaking process.
The rule, finalized in 2024 under the previous administration, was issued under Section 1033 of the Dodd-Frank Act and would have required financial institutions with more than $850 million in assets to provide consumer financial data to authorized third parties upon request. The Eastern District of Kentucky’s ruling effectively pauses the CFPB’s “open banking” framework, which aimed to expand consumer data portability across financial providers.
“Credit unions across the country are grateful for the court’s decision to block the 1033 rule while new rulemaking is underway,” Andrew Morris, director of innovation and technology at America’s Credit Unions, said. “The rule as written placed excessive burdens, unfair risk allocation and potential market distortion on credit unions already overburdened by regulatory requirements.”
The CFPB’s original version of the rule faced significant industry pushback over privacy, liability and compliance risks, particularly regarding third-party data access and cybersecurity. The new administration, taking office in January, moved to revisit the policy, issuing an Advance Notice of Proposed Rulemaking (ANPR) in August to solicit feedback for a revised framework.
In court filings this spring, the Trump administration argued that the prior rule was “unlawful and should be set aside.” Credit union trade groups, including America’s Credit Unions, have since filed additional comments recommending safeguards for consumer data and clearer risk-sharing standards for smaller financial institutions.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.