American Banker: Lawsuit against Plaid heightens focus on data privacy issues

American Banker has this coverage of the data privacy class action lawsuit filed by Herrera Purdy against financial technology company Plaid Inc.:

Lawsuit against Plaid heightens focus on data privacy issues

By Penny Crosman

July 13, 2020, 2:00 p.m. EDT

Two California men have sued the data aggregator Plaid over alleged data privacy violations in a case that could have implications for firms that gather consumers’ bank account data and feed it to fintechs.

According to the complaint, the two plaintiffs — James Cottle in 2019 and Frederick Schoeneman in 2016 — separately signed up for Venmo to send and receive payments. In three of their accusations, they assert that Plaid obtained their banking credentials in a misleading way, accesses more bank account information than it needs for its current business model, and may ultimately look to sell their data to others.

. . .

Pam Dixon, executive director of the World Privacy Forum, said when she signed up for Coinbase, the cryptocurrency exchange and wallet provider, she was presented with screens that looked like an official authorization to her bank. She thought she was using an authorization standard called OAuth that some banks, including Bank of America, JPMorgan and Wells Fargo, use to authorize apps to use account data. . . .

“OAuth is a well-known, well-established best practices standard, and it’s the way you’re supposed to do these things,” Dixon said. “And they created an entirely fake one. I went through those screens and my perception of that was that it was OAuth because it was meant to look just like OAuth. I do think that there is a very serious argument that that was not a transparent use of screens for the consumer. There have to be clear, vibrant, in-your-face disclosures to consumers before authorization.”

Read the rest of the article here.