Thank you for the response — I know you're likely very restricted in what you can say here, but:
You just settled a claim that you sold customer transaction histories, and from the article linked, the plaintiffs' lawyers claim that you have agreed to implement meaningful business practice changes to remediate these issues.
(1) If you've never sold transaction histories, why settle a lawsuit alleging that you sold transaction histories?
(2) What meaningful business practice changes could you be making if there's no issue to begin with?
(I'm relying on the article here as a source of truth).
You’re right that I can’t write much (legal, PR team say hello).
The bottom line point is, we don’t sell data and that’s not the main allegation. The main allegation is that people didn’t understand that we were part of the flow of connecting banks to apps. We disagree.
Before 2017, there was a whitelabel experience of Plaid that didn’t say “Plaid”, didn’t have the Plaid logo, etc. We still stand by our belief that our disclosures at the time were more than adequate. But it’s not something we want to have protracted litigation around.
The reality is that our experience today is vastly different (and has been for a while). As for “what meaningful business practice changes could you be making if there's no issue to begin with.” Like most companies, we’re always making improvements to our experience -- today we have a consent pane that makes our role clear, a portal for people to manage their data, etc.
> Plaid would retain access to their credentials and use them to mine, aggregate and then sell users’ financial transaction data to third parties (including to the fintech apps that use its services) for purposes unrelated to the plaintiffs’ use of the fintech payment apps. [1]
This is allegedly from the lawsuit. I can see your perspective — that it made sense to settle because of the privacy accusation, but you still deny the other accusations. I understand that perspective, though as I'm sure you can understand, it's hard to know for sure based on the allegations and the settlement.
Pre-2017 Plaid was awesome. You were able to just feed in a username and password of a bank account you collected with your own UI and it would spit out its transactions.
IANAL and have no affiliations to Plaid. My takeaway from the article and [0] is that Plaid violated privacy laws because they provided insufficient disclosure with respect to the collected data, not that they are selling data to third parties.
(IANAL either) I understand and agree that part of the issue is that they, allegedly, underhandedly collected this data. My question is focused around the potential selling of that data, which took place according to the lawsuit and was likely the reason to collect the data.
From the article you linked:
> Plaid would retain access to their credentials and use them to mine, aggregate and then sell users’ financial transaction data to third parties (including to the fintech apps that use its services) for purposes unrelated to the plaintiffs’ use of the fintech payment apps.
> My question is focused around the potential selling of that data, which took place according to the lawsuit and was likely the reason to collect the data.
They would kind of have to be idiots to do so, to be quite frank.
Up until like a year ago, their baseline product was $500 / mo plus $x / user after 100 users (iirc) with a 12 month contract.
Plaid has basically no competition, is worth billions and was almost acquired if not for an anti-trust suit.
I am not sure how Plaid or its founders would benefit financially by betraying the trust of their customers and their customers' customers by getting a few cents per record out of it.
> Plaid would retain access to their credentials and use them to mine, aggregate and then sell users’ financial transaction data to third parties (including to the fintech apps that use its services) for purposes unrelated to the plaintiffs’ use of the fintech payment apps.
People's hatred / mistrust of Plaid stems for a misunderstanding of what Plaid is.
Yes, Plaid does """sell""" that information... to the app that you willfully gave permission to, information like cash flow, debt, types of debt, etc.
Oh, also, if people are so terrified of Plaid, they should write to the Congresspeople and ask them to write a bill to force banks to write & provide REST APIs. The lack of banking APIs is the only reason Plaid exists and has to resort to scraping or storing banking information.
> Oh, also, if people are so terrified of Plaid, they should write to the Congresspeople and ask them to write a bill to force banks to write & provide REST APIs.
Why REST? Yes, I’d certainly rather call rest APIs than, say SOAP APIs, but do really want Congress specifying that much technical detail?
I haven't used Plaid and I haven't read the litigation, but it seems the following scenario may have happened:
1) Users use Plaid to buy/sell with a variety of vendors and banks
2) Vendors and banks were aware that specific users were buying /selling because they were buying/selling their products
3) Users consented to #2 because they were buying/selling their products
4) Plaid provided aggregated reports that said "5% of your customers also shopped on Amazon"
You just settled a claim that you sold customer transaction histories, and from the article linked, the plaintiffs' lawyers claim that you have agreed to implement meaningful business practice changes to remediate these issues.
(1) If you've never sold transaction histories, why settle a lawsuit alleging that you sold transaction histories?
(2) What meaningful business practice changes could you be making if there's no issue to begin with?
(I'm relying on the article here as a source of truth).