On October 21, 2021, the Consumer Financial Protection Bureau (CFPB) announced that it has issued orders to collect information about the business plans and practices of multiple large technology companies operating payment systems in the United States. Notably, these orders were issued pursuant to the CFPB’s rulemaking authority under Dodd-Frank Section 1022, rather than its enforcement or supervisory authorities—the more commonly exercised powers for compulsory process. Through these orders, the CFPB is seeking to collect information and gain an understanding how big tech companies use and manage personal payments data. Specifically, the orders compel information regarding the companies’ purported data harvesting and monetization of payment data, as well the companies’ access restrictive access policies and how they may affect personal and business choice. In issuing the orders, the CFPB also announced that it plans to study the payment system practices of foreign tech companies.
The CFPB noted that its efforts seek to build on those of the Federal Trade Commission (FTC) in examining the business practices of the largest technology companies in the world. Although CFPB Director Rohit Chopra acknowledged that “[f]aster, friction-less, and cheaper payment systems” offer many potential benefits, he cautioned that big tech companies are “eagerly expanding their empires to gain greater control and insight into our spending habits.” The CFPB’s announcement made clear that these orders are just the beginning of the CFPB’s inquiry into large tech companies, and that payment processing systems will continue to be an area of focus for the Bureau.