<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=5678177&amp;fmt=gif">

Plaid’s Checkered Approach to Data Privacy Could Result in Big CCPA Fines

‍San Francisco-based FinTech company Plaid helps companies connect their customer’s financial data to apps and services. Plaid’s software is embedded in apps such as Venmo to add functionality that the participating apps do not provide themselves. While Plaid aims to provide its customers with seamless financial transactions, one of the first private action lawsuits to arise in the wake of the  California Consumer Privacy Act (“CCPA”) claims that its approach to data privacy is ethically bankrupt.

The lawsuit alleges that Plaid violated a number of data privacy statutes including CCPA by not providing users with the required notice before collecting and using their personal information. The Plaintiff in the case alleges that Plaid collects and mines user data without legally required consent or disclosure. The Plaintiff charges that Plaid is not “truly committed to building products that are in consumer’s best interest.”

The Plaintiff alleges Plaid’s “fine-print click-through” disclosure is insufficient, misleading and illegal, as the text is smaller than other text on the screen, appears in a light color that is more difficult to read than the other text on the screen, and a user would not know that this text contains a link to Plaid’s privacy policy unless she were to actually click on it. Also, the screen contains no requirement that the user must review (or even scroll through) the privacy policy before clicking “Continue”. The Plaintiff alleges that Plaid is knowingly mismanaging data, as its approach in Europe is different, due to  GDPR protocols.

Sound familiar? This is an approach to various types of consent collection and management where companies “force” users to accept their terms and conditions to use a platform (often through a cookie wall or the like), or other mechanisms that are misleading and/or opaque. This is very typical of a lot of companies’ approach to obtaining consent (explicit or implied) from website visitors, and this case may be a sign of what’s to come when it comes to CCPA enforcement.

What can your company do to not find yourself in Plaid’s predicament? Your first step is to implement appropriate data privacy compliance software to ensure that you’re staying on the safe side of regulations, whether they’re in California, Europe, or anywhere else. Clym can help you get there quickly for a low monthly fee.  Contact us today to learn more.

Otherwise, your customers, like Plaid’s, may feel like you’re trying to pull the wool over their eyes.