Visa, the credit card network, is trying to buy financial technology company Plaid for $5.3 billion … Plaid is more than a potential disruptor, it’s also sitting on a massive amount of financial data acquired through questionable means. By buying Plaid, Visa is buying all of its data. And Plaid’s users—even those protected by California’s new privacy law—can’t do anything about it.
Since mergers and acquisitions often fall outside the purview of privacy laws, only a pointed intervention by government authorities can stop the sale. Thankfully, this month, the US Department of Justice filed a lawsuit to do just that.
. . .
Plaid is what’s known as a “data aggregator” in the fintech [financial technology] space. It provides the infrastructure that connects banks to financial apps like Venmo and Coinbase, and its customers are usually apps that need programmatic access to a bank account.
It works like this: first, an app developer installs code from Plaid. When a user downloads the app, Plaid asks the user for their bank credentials, then logs in on their behalf. Plaid then has access to all the information the bank would normally share with the user, including balances, assets, transaction history, and debt. It collects data from the bank and passes it along to the app developer. From then on, the app can use Plaid’s services to initiate electronic transfers to and from the bank account, or to collect new information about the user’s activity.
In a shadowy industry, Plaid has tried to cultivate a reputation as the “trustworthy” data aggregator … Plaid is adamant that it doesn’t sell or monetize user data beyond its core business proposition … Now, in the wake of the Visa announcement, two new lawsuits … claim that Plaid has exploited users all along. Chief among the accusations is that Plaid’s interface misleads users into sharing their bank passwords with the company, a practice that plaintiffs allege runs afoul of California’s anti-phishing law. The lawsuits also claim that Plaid collected much more data than was necessary, deceived users about what it was doing, and made money by selling that data back to the apps which used it.
. . .
Many users might not realize the scope of the data that Plaid receives. Plaid’s Transactions API gives both Plaid and app developers access to a user’s entire transaction and balance history, including a geolocation and category for each purchase made. Plaid’s other APIs grant access to users’ liabilities, including credit card debt and student loans; their investments, including individual stocks and bonds; and identity information, including name, address, email, and phone number.
. . .
Visa is … acquiring everything Plaid has ever collected and—more importantly—access to data flows from everyone who uses a Plaid-connected app. It can monetize the data in ways Plaid never could. And the move completely side-steps restrictions on old-fashioned data sales.
There’s more at the link.
How does it feel to be a digit in someone else’s financial system? That’s all we, as individuals, are to Big Tech and Big Finance. They don’t give a damn about who we are as individuals, or attach any importance to us as human beings. We’re simply cash cows, to be milked at every possible opportunity, and coerced into doing what they want through their ownership (legal or otherwise) of every scrap of information they can use to manipulate us.