Major settlement highlights need to disclose, seek consent for data use

Published on

Contributors

If you’ve ever felt uneasy about providing so much personal information to your phone apps, a $58 million settlement by Plaid Inc. this month makes clear those concerns are well founded.

A financial technology company with over 200 million customers worldwide, Plaid agreed to the settlement in order to resolve litigation brought by a class of users who accused it of exploiting their financial data without consent.

Users must connect Plaid to banking apps like Venmo and PayPal as part of its service, and plaintiffs allege the company “exploited its position as middleman” to obtain users’ bank credentials and other financial information, which they used to access user accounts and sell their transaction histories to third party buyers.

As part of the settlement, Plaid additionally agreed to delete “certain data” on users, to inform users about any intent to pass their data to third parties (while offering opt-outs,) and to minimize data stored on users overall.

Plaid’s lead counsel, Cooley LLP attorney Michael Rhodes, said in a statement that the settlement resolves claims stemming from the “earliest days of the company.”

“As such, the underlying claims and challenged conduct do not reflect today's Plaid," Rhodes said.

Any U.S. resident who opened a Plaid financial account between January 2013 and August 2021 is eligible for a cash payout.

This case should serve as a reminder to all businesses that it is essential to inform customers what the business plans to do with customers’ personal data and to obtain consent prior to using data in a manner not previously disclosed. In California, it is not just wise, it is the law. The CCPA requires prior disclosure regarding uses of data prior to the use.