Last week, the CFPB took three actions demonstrating the agency’s continued focus on technology companies and personal financial data protection. First, the CFPB issued an interpretive rule explaining the CFPB’s view that many digital marketing providers may be “service providers” subject to the CFPB’s supervisory authority under the Consumer Financial Protection Act (“CFPA”), including its authority to address unfair, deceptive, or abusive acts or practices (“UDAAP”). Second, the CFPB issued a circular explaining that insufficient data protection or information security by covered persons and service providers is an unfair act or practice under the CFPA. Finally, the CFPB announced an enforcement action against a FinTech company whose algorithm led to deceptive acts or practices in violation of the CFPA. Individually and collectively, these actions demonstrate the CFPB’s continued focus on the potential risks to consumers presented by certain financial technology-related advancements, including specifically algorithmic decision-making and digital advertising. They also reflect the agency’s ongoing emphasis on the potential misuse and abuse of personal financial data, in particular by technology companies.