Envestnet and its subsidiary Yodlee have asked a federal magistrate judge in California to dismiss a proposed class action suit, which alleges that the firm failed to protect the consumer data it collected, and that it shared and sold data in unencrypted files.
According to the filing, the crux of Envestnet’s argument against the case is that consumers are aware that they’re sharing their bank details with Yodlee when providing their financial login details to sites like Paypal. It also argues that the company’s anonymised, aggregated transactional datasets do not constitute an invasion of privacy under either the California Constitution or common law.
While plaintiffs say they face a “heightened risk of identity theft and fraud” based on Envestnet’s actions and allege that data could be de-anonymised someday, they fail to show conclusive examples of that happening to them, Envestnet goes on to say.
In February, news outlets reported that Yodlee’s data could be de-anonymised to identify individuals, regardless of the in-house anonymisation that was being applied to data before it was sold and shared.
The original lawsuit filed by plaintiffs — Wesch v. Yodlee, Inc. et al — mirrors a similar lawsuit against financial data aggregator Plaid, also filed in the Northern District of California earlier this year. Cottle et al. v. Plaid Inc. alleges that Plaid “takes consumers’ financial account login credentials, accesses their banking and other financial accounts several times per day, and then sells and otherwise misuses the highly personal and private information it has wrongfully obtained.”
If Envestnet's dismissal request is denied, judge Sallie Kim plans to hear the case on February 1, 2021 at 9:30am PST.
Photo by David Clode on Unsplash