The Consumer Financial Protection Bureau (CFPB) is navigating a complex landscape after receiving over 14,000 public comments on its proposed open banking rule. The feedback, submitted in response to the regulation under Section 1033 of the Dodd-Frank Act, reveals a stark disagreement between financial institutions, fintech innovators, and consumer advocates over the control and security of personal financial data.

The proposed rule is designed to grant consumers greater access to and control over their own financial information, allowing them to share it with third-party applications. The massive volume and conflicting nature of the comments underscore the high stakes involved in establishing a new standard for data sharing in the U.S. financial system.

The Argument for Expanded Data Access

Fintech companies and data aggregators were prominent voices advocating for broad, standardized access to consumer financial data. Their comments argued that open access is a critical component for driving competition and innovation in financial services, allowing for the creation of new tools for budgeting, lending, and payments. These groups pushed for the mandatory use of secure APIs (Application Programming Interfaces) to replace older, less secure methods like screen scraping. They also contended that banks should not be permitted to charge excessive fees for data access, as this could create barriers for smaller companies and limit consumer choice.

The Demand for Robust Security and Privacy Controls

On the other side, banks, credit unions, and their associated trade groups submitted comments that prioritized data security, fraud prevention, and clear liability standards. These institutions highlighted the significant risks of widespread data sharing, including the potential for cyberattacks and financial fraud. They called for the CFPB to establish clear rules determining who is financially responsible if a data breach occurs through a third-party app connected to a consumer’s account. Furthermore, banking organizations argued for the ability to charge reasonable fees to cover the substantial costs of developing and maintaining the secure infrastructure required for this new ecosystem.

Consumer protection groups also contributed, focusing their comments on the need for transparent consent processes and strict limitations on how consumer data can be used, shared, or sold by third parties.

Source: https://www.pymnts.com/news/banking/2025/14000-open-banking-rule-comments-highlight-deep-divides-over-privacy-and-access/