Comment letter urges regulatory clarity to promote consumer protection and responsible innovation in financial services

Washington, D.C. (February 20, 2025) – The American Fintech Council (AFC), the premier industry association representing responsible fintech companies and innovative banks, today submitted a comment letter to the California Privacy Protection Agency (CPPA) regarding its proposed rulemaking to update the California Consumer Privacy Act (CCPA), including consumer privacy and automated decision-making technology (ADMT) regulations. AFC supports strong privacy and data protections and praised aspects of the proposed rule, while also urging CPPA to refine key provisions to ensure fintech companies can continue to offer secure and innovative financial products without unnecessary operational burdens.

"The CPPA’s proposed rule represents an important step in ensuring consumer protections in the digital economy, but it must also consider the practical realities of responsible financial innovation," said Phil Goldfeder, CEO of the American Fintech Council. "Regulations should promote transparency and accountability while allowing responsible fintech companies to continue delivering safe, efficient, and inclusive financial products. We encourage the CPPA to refine its approach to ADMT and privacy requirements to ensure that well-intended provisions do not inadvertently restrict access to essential financial services."

In their letter, AFC outlined concerns with ambiguous compliance requirements and operational challenges introduced by the proposed regulations. The requirement for businesses to estimate the number of consumers affected by ADMT could create problems, particularly for lenders entering new markets that may not have precise data in advance. Additionally, the rule’s data-sharing provisions lack clarity on what level of detail businesses must provide to partners, creating potential compliance challenges. The proposed cost-benefit analysis for assessing whether risks to consumer privacy outweigh benefits is also vague, leaving businesses uncertain about how to comply. Furthermore, requiring companies to delete data used in ADMT training models could limit their ability to refine underwriting and risk assessments, making it more difficult to provide responsible financial products to consumers.

"The fintech industry is committed to responsible artificial intelligence solutions, data usage, and consumer protection, but the proposed rule creates significant ambiguity that could hinder innovation and limit access to essential financial services," said Ian P. Moloney, SVP and Head of Policy and Regulatory Affairs at AFC. "We strongly encourage CPPA to provide additional guidance on compliance expectations, particularly around risk assessments, data sharing, and ADMT training models, to ensure a balanced approach that fosters both privacy and financial inclusion."

A standards-based organization, AFC is the premier trade association representing the largest financial technology (Fintech) companies and innovative banks offering embedded finance solutions. AFC’s mission is to promote a transparent, inclusive, and customer-centric financial system by supporting responsible innovation in financial services and encouraging sound public policy. AFC members foster competition in consumer finance and pioneer products to better serve underserved consumer segments and geographies.

‍

‍