Plaid To Face Consumer Privacy, Anti-Phishing Claims

Court allows significant portion of privacy class action against fintech giant Plaid Inc. to proceed.

In an April 30 ruling, Judge Ryu of the Northern District of California refused defendant Plaid Inc.’s attempt to dismiss the complaint filed in May 2020 by a group of consumer plaintiffs on behalf of a class of millions of affected consumers who connected popular fintech apps like Venmo and Coinbase to their bank accounts through software Plaid embedded in those apps.

Invasion of Privacy

Judge Ryu allowed Plaintiffs’ privacy claims to proceed, finding that the Plaintiffs sufficiently alleged an invasion of their privacy rights and corresponding harm:

[Plaid] embeds its software into fintech apps, and that when users seek to link their financial accounts to the apps, Plaid’s software presents them with login screens that look like those used by their individual financial institutions. However, Plaid does not disclose to users that they are interfacing with Plaid rather than their banks. Once deceived, users provide their login information which is transmitted directly to Plaid, and Plaid uses the information to access their bank accounts. . . . Plaid makes no effort to meaningfully disclose how it operates and deemphasizes the link to its privacy policy which Plaintiffs allege is itself substantively inadequate. Finally, Plaid uses the login information to obtain all available data about the users from their financial institutions, regardless of whether it relates to the fintech apps’ money-transfer purposes. This includes information that shows users’ “healthcare, educational, social, transportation, childcare, political, saving, budgeting, dining, entertainment, and other habits,” along with corresponding geolocations. Plaid then sells this personal data to third parties.

Anti-Phishing Act

Judge Ryu also found that the Plaintiffs’ claim under California’s Anti-Phishing Act must proceed, based upon their allegations that “Plaid used the internet to induce Plaintiffs to provide their financial account credentials by representing itself to be Plaintiffs’ financial institutions, including by using banks’ logos and color schemes, and that this was done without the institutions’ authority or approval.”

The Court noted that Plaid’s claim of authority was “directly contradicted” by allegations filed in December 2020 in a lawsuit by PNC Bank against Plaid, where PNC alleged that Plaid “sought to obtain trust and consumer confidence from consumers by intentionally designing user interfaces to misleadingly suggest that Plaid was affiliated or associated with, or sponsored by, PNC.”

"Plaintiffs are pleased the Court recognized the validity of their core privacy claims. We look forward to holding Plaid accountable for its actions,” said co-lead counsel Shawn Kennedy.

Representing the Plaintiffs from Herrera Kennedy LLP are Shawn Kennedy, Nicomedes Sy Herrera, Bret Hembd, and Laura Seidl.

Read more in Law360.