Privacy & Information Security Law Blog

On August 10, 2022, the Consumer Financial Protection Bureau (“CFPB”) issued a new interpretive rule clarifying when digital marketing providers must comply with federal consumer financial protection law. Under the new rule, Big Tech companies that use behavioral advertising techniques to market financial products will be subject to the Consumer Financial Protection Act of 2010 (“CFPA”).

A company is subject to the CFPA, and therefore prohibited from engaging in unfair, deceptive or abusive acts or practices, if it offers or provides a financial product or service for personal, family or household use by consumers. Service providers to these companies that provide a “material service” in connection with the offering or provision of a consumer financial product or service also are subject to the CFPA. Service providers that merely provide “time or space for an advertisement for a consumer financial product or service through print, newspaper, or electronic media” are exempt.

The CFPB’s new interpretive rule clarifies that, when digital marketing providers are materially involved in the development of content strategy, they provide a material service and therefore would be considered service providers subject to the CFPA. Under the rule, digital marketing providers are “materially involved in the development of content strategy” when they identify or select prospective customers or select or place content to affect consumer engagement, including purchasing or adoption behavior.

As an example, the CFPB provides that digital marketing providers qualify as service providers when they target and deliver advertisements to users with certain characteristics, regardless of whether the characteristics are specified by the company using the digital marketing provider. Similarly, a digital marketing provider is considered a service provider when a company identifies particular users by name and the digital marketing provider targets and delivers the advertisements to those users at specific times to increase or maximize engagement. Digital marketing providers also are characterized as service providers when they determine or suggest which users are the appropriate audience for advertisements. In the announcement of the rule, CFPB Director Rohit Chopra warned that Big Tech firms using behavioral targeting techniques to market financial products will now be within the scope of the CFPA, and highlighted the need for law enforcement authorities to hold these companies accountable. Under the CFPA, both the CFPB and states can bring enforcement actions against regulated companies that engage in unfair, deceptive or abusive practices.