On August 5, 2021, a proposed class action settlement was reached in the closely-watched privacy action against fintech services company Plaid Inc. (“Plaid”). The settlement features a $58 million settlement fund and certain injunctive relief that would make changes to Plaid’s methods of notice and consumer data collection, including provisions requiring the deletion of certain banking transaction data. (In re Plaid Inc. Privacy Litig., No. 20-3056 (N.D. Cal. Memorandum of Points for Proposed Settlement Aug. 5, 2021)). The settlement is still subject to court approval.
Here is a quick rundown of the material terms of the proposed settlement:
- Monetary relief: $58 million fund to the defined settlement class of consumers who, among other things, held a financial account that Plaid accessed using the user’s login credentials and connected to a mobile or web-based fintech application.
- Deletion of Data: Plaid will delete data that was retrieved as part of Plaid’s “Transactions” product—which can include information about financial account activity, such as the amount, time, and place of deposits, withdrawals, transfers, or purchases—for users that Plaid can reasonably determine did not connect an account to an application that requested Transactions data. Thus, if a consumer exclusively connected an application (or applications) that did not ask Plaid to collect Transactions data, but Plaid retrieved that data anyway, then Plaid will delete that data from its systems.
This is a major settlement in the fintech privacy area, as the collection and use of consumer data has become more scrutinized in the past few years, especially amidst the wave of fintech and money transfer apps that have become popular with consumers. With the major mobile platforms tightening their developer policies and privacy notification requirements surrounding data sharing this year, and more litigants bringing mobile- and privacy-related actions, we will continue to follow developments in these areas.