'Fraud' lawsuit slams Plaid on eve of historic $5.3-billion payday; some experts say it's a 'fishing expedition,' but plaintiff's lawyers say, 'This is no shakedown' -- Second suit follows in July

From my perspective there aren't enough facts presented in this article to draw any real conclusions - though almost everyone will want to! Additionally, having not read through any of Plaid's "Terms of Service" docs, I'm at the disadvantage of not knowing what exactly user's of Plaid's services are agreeing to. (I'm sure I'm not the only one who hasn't read them!). One thing that can certainly be said is that again this comes down to who owns the data - and more importantly who SHOULD own the client data. This is the $64,000 question facing the entire financial services industry at present. I'll go out on a limb and throw out a "stawman" for how this big question ultimately could get resolved: a) any identifying data belongs to the client. b) any specific client unidentifiable data should be owned by both client and data gatherer (unless either party waves their right to it), and c) any aggregated non-identifiable datasets (say of 5 or more clients - pick a number) are owned by the data gatherer. Client gets the right to agree to b) or not. If client doesn't agree to b), then the data gathering entity is prohibited from retaining it in raw form however it can be aggregated into groups of 5 (pick a number) or more. If the client does agree to b), then data gathering entity can, or cannot (depending on their business model) share revenues with the client. OK - let the hole poking begin! ;-)

Brian, Your willingness to be first to jump headlong into the deep murky waters is always appreciated. Brooke

Brian: Very fair comments. At the initial stage when a Complaint is filed, there are rarely enough facts for anyone to figure out whether a lawsuit is justified -- and even after the responsive Answer comes in, things are still at a he-said-she-said state and whatever the "truth" may be, rarely emerges, if at all. Part of what makes this lawsuit interesting is that these types of cases increasingly cite the TOS, which has mushroomed into a laughable document beyond the comprehension of most humans and, to some extent, is as much the problem with these disputes as anything. On Wall Street, we argue about "who owns the customer" when disputes arise between departing stockbrokers/advisers and their former firms. Similarly, with data aggregation and scraping "who owns the customer's data" seems as apt a question. For decades, Wall Street has struggled with so-called Negative Consents whereby the consumer does nothing and the law allows that individual to be screwed albeit legally. Similarly, we have implemented an agenda of Disclosure whereby unreadable font at the bottom of a television screen informs us of information that some bureaucrat thought important but is presented in a fashion that no one can read and, if they could, the image flickers off before the eye can scan even one line. The obfuscation of disclosure is the lifeblood of many professionals. We are in a restless age and folks are angry about everything and seeking immediate change. Unfortunately, legislating under pressure tends to yield overly broad and ineffective laws and rules. On the other hand, those responsible for self regulating their data harvesting have failed to timely address the issues and have only themselves to blame if others, less savvy, now fill the void of reasonable regulation. The process is always messy. Yet again, Bismarck knew his sausages.

I am not qualified to comment on legal claims. But my read .. A. Lender provides users loans B. Lender requires verification of user bank account C. Lender implements Plaid for this purpose D. User applies for loan online E. Lender directs user to logon to their bank to verify account F. Request handed to Plaid who presents what looks like bank's login G. Terms of service are presented H. User wants loan I. User trusts lender (have already given them personal information) J. User trusts bank (they will protect them) K. User accepts terms of service (without close examination) L. User gets loan M. Transaction complete N. Nope. Plaid repeatedly uses credentials to drain user information for profit. A healthy internet economy cannot thrive on deception rationalized by the failure of consumers to read fine-print. If the disclaimer next to the ACCEPT button read .. "By accepting, you allow us to use your credentials to repeatedly and perpetually access your account to gather information on every one of your credit and debit transactions for the purpose of building a database we can sell to others." How many people would accept?

Hi Bob, If that is in fact what Plaid is doing (repeatedly using user credentials for what should be a one-off approval) - I agree that almost anyone would consider that problematic. That said, I can't verify that this is, or is not, a use case - as I haven't used the service. I also agree that if such a statement was placed anywhere in the process flow, most users would logically balk & deny such ridiculous over-reach.

Thanks Brian. It is likely that Plaid will be found to be operating within the letter of its TOC's -- they are smart guys running a big and successful company. Its really about the look forward sustainability of models that operate outside a "common sense consumer trust model" -- the point of my one line disclaimer. If we were in Europe the holders of those 200M accounts that interacted with a Plaid enabled or any other similar app would be able to request at any time that the provider (a) describe exactly what data the company has of the user; (b) request that they be provided a copy of that data; (b) request that all their data be deleted; (c) and that any authorization that believe they had to access the users data be revoked. Play that forward to similar privacy regulations in California likely to take shape in other states. Even with full informed consent of users to have contributed their data to the "database", its commercial and asset value could be extinguished quickly with an act of protest (recent events tell us the power of those) that has had masses of consumers simply exercise their "right to be forgotten". The data analytics businesses that accumulate data in this manner are challenged to balance the needs of consumers and the dangerous business of amassing vast quantities of our personal data. As a long term fin-tech entrepreneur its hard not to love the Plaid story - unicorns and all that. That aside, I am passionate about making sure we (the tech community) promote an eco-system of trust and verifiability that facilitates the flow of data while adhering to what are inevitable well-needed consumer privacy constraints. The Plaid suit, for me, is less about Plaid and more about a continued "caveat emptor" approach by tech companies to consumer rights that will produce both regulatory and consumer backlash. Remember Plaid's tag line is 'Make Money Easy' - that means one-click - not 20 page TOC's.

Hi Bob, I couldn't agree with you more. Transparency and simple, full disclosure is the only way forward here. I suspect there are some great opportunities for new companies to develop in the space - such as "data fiduciaries" that help consumers navigate these services and potentially monetize their own data successfully.