Last week, Democratic Senators Ron Wyden and Sherrod Brown and Congresswoman Anna Eshoo sent a letter to FTC Chairman Joseph J. Simons urging the agency to investigate whether analytics firm Envestnet, Inc. (which operates Yodlee) was violating the FTC Act.
According to the letter, Yodlee is the largest consumer financial data aggregator in the United States. It aggregates financial information from banks, credit card companies and other financial services providers with consumer consent, and maintains a database of credit and debit card transactions of tens of millions of consumers. The letter asserts that Yodlee is used by over 1,200 companies to offer online personal finance tools to consumers. Yodlee offers its software and platform to fintech providers, banks, financial apps, consumers and others to help process financial data from various sources.
The crux of the letter claims that Envestnet sells access to such consumer data without meaningful notice to consumers of such sale. The members of Congress reject Envestment’s position that consumer privacy is protected because the data it sells is anonymized, and claim that Envestnet does not inform consumers that their personal financial data is being sold, but rather relies on its partners to make such disclosures in privacy policies or terms of service. The letter asserts that this is not sufficient, as Envestnet does not appear to take any steps to ensure that its partners give such notice, and even if they did, such practices place the burden on consumers to find such a notice “buried in small print” and then search for a way to opt out of such data sharing. Continue Reading