<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=5678177&amp;fmt=gif">

Plaid’s Checkered Approach to Data Privacy Could Result in Big CCPA Fines

wood letter tiles spelling the word lawsuit

‍San Francisco-based FinTech company Plaid helps companies connect their customer’s financial data to apps and services. Plaid’s software is embedded in apps such as Venmo to add functionality that the participating apps do not provide themselves. While Plaid aims to provide its customers with seamless financial transactions, one of the first private action lawsuits to arise in the wake of the  California Consumer Privacy Act (“CCPA”) claims that its approach to data privacy is ethically bankrupt.

The lawsuit alleges that Plaid violated a number of data privacy statutes including CCPA by not providing users with the required notice before collecting and using their personal information. The Plaintiff in the case alleges that Plaid collects and mines user data without legally required consent or disclosure. The Plaintiff charges that Plaid is not “truly committed to building products that are in consumer’s best interest.”

The Plaintiff alleges Plaid’s “fine-print click-through” disclosure is insufficient, misleading and illegal, as the text is smaller than other text on the screen, appears in a light color that is more difficult to read than the other text on the screen, and a user would not know that this text contains a link to Plaid’s privacy policy unless she were to actually click on it. Also, the screen contains no requirement that the user must review (or even scroll through) the privacy policy before clicking “Continue”. The Plaintiff alleges that Plaid is knowingly mismanaging data, as its approach in Europe is different, due to  GDPR protocols.

Sound familiar? This is an approach to various types of consent collection and management where companies “force” users to accept their terms and conditions to use a platform (often through a cookie wall or the like), or other mechanisms that are misleading and/or opaque. This is very typical of a lot of companies’ approach to obtaining consent (explicit or implied) from website visitors, and this case may be a sign of what’s to come when it comes to CCPA enforcement.

What can your company do to not find yourself in Plaid’s predicament? Your first step is to implement appropriate data privacy compliance software to ensure that you’re staying on the safe side of regulations, whether they’re in California, Europe, or anywhere else.

Otherwise, your customers, like Plaid’s, may feel like you’re trying to pull the wool over their eyes.

How can Clym help with CCPA compliance?

Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:

  • All-in-one platform: One interface combining Privacy and Accessibility compliance with global regulations, at an affordable price;
  • Seamless integration into your website;
  • Adaptability to your users’ location and applicable regulation;
  • Customizable branding;
  • ReadyCompliance™: Covering 30+ data privacy regulations;
  • Six preconfigured accessibility profiles, as well as 25+ display adjustments that allow visitors to customise their individual experience.

You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.