On April 30, 2021 a California district court trimmed various federal privacy-related claims, including the Computer Fraud and Abuse Act (CFAA) claim, from a highly-visible, ongoing putative class action against fintech services company Plaid Inc. (“Plaid”), but allowed other state law privacy claims to go forward. The lawsuit involves Plaid’s alleged collection and use of consumers’ banking login credentials and later processing and selling of such financial transaction data to third parties without adequate notice or consent (Cottle v. Plaid Inc., No. 20-3056 (N.D. Cal. Apr. 30, 2021).
The court’s decision did not delve deeply in the merits of the CFAA claim, as it was dismissed on procedural grounds; similarly, resolution of the major issues of the case about invasion of privacy and the adequacy of consent to access consumers’ bank accounts and collect/aggregate data was not achieved at this early stage of the litigation. Thus, this case is just beginning and is certainly one to watch to see how the unsettled areas of mobile privacy and CFAA “unauthorized access” are further developed.