On August 5, 2021, fintech services provider Plaid Inc. (“Plaid”) accepted a proposed settlement agreement to resolve a number of class-action lawsuits claiming that the company illegally collected and distributed users’ financial data without prior consent. Plaid is a provider of account linking and verification services for a number of popular fintech apps that consumers use to send and receive money from their financial accounts. Specifically, the plaintiffs alleged that Plaid used the banking login credentials provided by users to harvest data about the users’ financial transactions, which data was then sold to third parties without adequate notice or consent. Although Plaid’s privacy policy indicated that the company would receive and retain access to users’ financial institution account login credentials, with the ability to use such credentials to collect and sell banking information, the plaintiffs argued that at no time were users ever given conspicuous notice or meaningfully prompted to read the policy.
The settlement agreement provides that Plaid will create a $58 million settlement fund and alter its privacy and data collection practices, including implementing clear disclosures about Plaid’s role when users add financial accounts to their chosen fintech apps, clarifying their privacy policy and minimizing the categories of user information stored by Plaid. It’s estimated that 98 million individuals who used fintech apps supported by Plaid are eligible to participate in the settlement class.