Plaid to pay $58m to settle a class-action lawsuit centered on data privacy

Plaid agreed to pay $58m to settle a class-action lawsuit where consumers’ claimed that the financial technology company obtained and used bank account credentials and financial information without consent.

The case, filed in California, was a consolidation of five lawsuits brought by consumers in 2020 that alleged Plaid violated their privacy rights by accessing their bank account data without their knowledge.

The plaintiffs argued that clients, when connecting to their bank accounts via third-party apps like Venmo, were unaware of Plaid’s involvement in accessing and providing financial data to the apps. “The claims raised in the lawsuit do not reflect our practices,” a Plaid spokesperson said in a statement.

Each of the 11 consumers represented in the suit will receive $5,000, payable via ACH, physical checks, or PayPal/Venmo, reflecting the growing popularity of fintech apps, many of which are helped by Plaid and other data aggregators. The plaintiffs’ lawyers will earn $14.5m.

That leaves around $44m in settlement funds for the total class, which is estimated to be 98 million users in the US. Any remaining settlement funds will be donated to the Privacy Rights Clearinghouse and Consumer Reports.

The original suits alleged several violations of California regulations, including anti-phishing, competition, and fraud regulations. The suit also alleged Plaid sells users’ financial data, which Plaid said it does not. “We believe settlement of this matter is best in light of the cost and burden associated with protracted litigation,” the Plaid spokesperson said.

The Consumer Financial Protection Bureau is currently weighing rules that would establish consumers’ rights to access and permission their financial data.

In the settlement, Plaid agreed to provide details of the information it collects from people’s financial accounts, including a “plain-language list” of information it collects, reasons for collecting it and to explain the source and use of the information and who it’s being shared with.

Plaid also agreed to provide an explanation of its data deletion and retention policies, and to only store data that the user specifically requests or is needed. The company said it will provide a section explaining privacy controls users have for their data and to include a “prominent” reference to its Plaid Portal on its homepage and a dedicated page with information about its data security — which is currently at this page.

Plaid works behind the scenes, connecting third-party apps like Coinbase and Venmo with the financial data they need to run. The settlement comes as regulators and consumers show increased interest in privacy around financial data. As consumers’ financial lives grow beyond their primary banks, banks and third-party apps are increasingly sharing financial data, known as open banking. Conversations among regulators and consumers around how that data is managed and secured are also on the rise.

As part of the settlement, Plaid has committed to speeding up existing efforts around data security and consumer privacy. Plaid is also been building a dashboard for consumers to monitor and manage their data connections, Plaid Portal, which is expected to come out of beta later this year.

In 2020, Plaid publicly committed to migrating 75% of its data volumes to application programming interfaces, as opposed to screen scraping, by the end of 2021. That commitment still stands, and requires Plaid to sign data-sharing agreements with banks, which it already has with the likes of JPMorgan Chase and US Bank.

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.