2024 was another year of substantial legislative and regulatory advances at the international, federal, and state levels with regard to data protection law. Artificial intelligence (AI) regulation continued to hurdle forward with several key advancements, such as the adoption of the European Union’s Artificial Intelligence Act (“EU AI Act”) and a growing number of state AI bills in the US. The Federal Trade Commission (FTC) continued to flex its enforcement authority over data privacy and cybersecurity violations, paying special attention to claims companies made about their AI capabilities and other uses of AI the agency alleged to be “unfair.” Protecting sensitive data was a main priority for the FTC and the Department of Justice (DOJ)—the former focusing on data brokers’ collection of genetic data, consumer web data, and location data, while the latter focused on national security and issues related to US data transfers to “countries of concern.” Meanwhile, state legislatures, regulators, and attorneys general (AGs) continued to churn out comprehensive privacy laws, promulgate rules, and pursue enforcement actions.
In the past, financial institutions and FinTechs competed with one another, jostling for clients’ accounts, loyalty and debit card spending.
Times have changed, Velera Vice President of Innovation Vlad Jovanovic told PYMNTS. There’s now a collaborative mindset between traditional financial institutions, particularly credit unions, and purely digital upstarts to work together to bring financial services innovations to the masses.
As the Consumer Financial Protection Bureau (CFPB or Bureau) anticipates a shift in its leadership with the incoming administration of President Trump, the Bureau has released a report titled “Strengthening State-Level Consumer Protections.” This report appears to be a strategic move by the CFPB to influence state-level consumer protection laws before the anticipated shift in federal regulatory policy, and the Bureau’s recommendations appear to be items that would need to be the subject of legislation, if they are to occur. As detailed below, the changes advocated by the CFPB would strengthen the position of both state regulators and private plaintiffs in actions against industry participants.
In an effort to foster innovation in financial services, the CFPB is reinstituting its programs that allow companies to obtain regulatory safe harbors through no-action letters and sandboxes to test new products and services.
The Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its website-hosting services against attacks that could harm its customers and visitors to the customers’ websites.