On August 5, 2021, a proposed class action settlement was reached in the closely followed privacy action against fintech services company Plaid Inc. (“Plaid”). The settlement includes a $58 million severance fund and injunctive relief that will make changes to Plaid’s notice and consumer data collection practices, including provisions requiring the deletion of certain bank transaction data. (In re Plaid Inc. Privacy Litigation., No. 20-3056 (ND Cal. Memorandum of Points for Proposed Settlement Aug. 5, 2021)). The transaction is still subject to court approval.
Here’s a quick rundown of the material terms of the proposed deal:
- Monetary relief: $58 million fund for the defined consumer class who, among other things, held a financial account that Plaid accessed using the user’s login credentials and connected to a web-based or mobile fintech application.
- Data deletion: Plaid will delete data that was retrieved as part of Plaid’s “Transactions” product, which may include financial account activity information, such as the amount, time and location of deposits, withdrawals, transfers or purchases, for users that Plaid can reasonably determine did not link an account to an application that requested transaction data. Therefore, if a consumer has only connected an application (or applications) that has not asked Plaid to collect transaction data, but Plaid has nevertheless retrieved such data, Plaid will delete such data from its systems.
This is a major deal in the area of fintech privacy, as the collection and use of consumer data has become more scrutinized in recent years, especially amid the surge of fintech and money transfer apps that have become popular. among consumers. With major mobile platforms tightening their developer policies and privacy notification requirements around data sharing this year, and more stakeholders filing mobile and privacy-related lawsuits, we will continue to monitor developments in these areas. .