As banks talk with Facebook, time to review your privacy rights

Gramm-Leach-Bliley Act lets you opt out of some data sharing

Fred O. Williams
Senior Reporter
Expert on consumer credit laws and regulations.

Debt fears

With Facebook asking banks to share customer information, now is a good time to review your privacy rights when it comes to financial data.

Banks and card issuers can share your sensitive information – including identity, Social Security number and payment history. When the sharing is for business purposes, such as updating your credit report or completing transactions, you don't have a choice.

But under the Gramm-Leach-Bliley Act, you can opt out of having your information shared for certain marketing purposes outside the company and its affiliates.

Facebook looks to partner with banks

On Aug. 6, the Wall Street Journal reported that Facebook has been talking with banks about sharing customer information back and forth. The moves come as Facebook seeks to deepen engagement with its user base.

The company issued a statement saying the story was overblown. Facebook is seeking to partner with banks to allow Messenger chat service to be a platform for bank customers to communicate with customer service.

"The idea is that messaging with a bank can be better than waiting on hold over the phone," Facebook spokeswoman Elisabeth Diana said in a statement, "and it's completely opt-in." She denied that Facebook is actively seeking transaction data.

But Facebook does already partner with PayPal to carry out transactions via the platform. And industry analysts expect more collaboration between financial services and social networks.

What you should know about privacy rights

  • Privacy opt-out can limit bank sharing your data with Facebook.
  • Under Gramm-Leach-Bliley, you can opt out of some data sharing by financial institutions.
  • Social networks promise convenience, but bank apps and online platforms offer greater security.

"If they are a non-affiliate, the financial institution could not share information with Facebook if you had opted out from information sharing," said Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, a nonprofit privacy advocate based in San Diego.

However, service providers and joint marketing partners are not covered by opt-out rights, if they are involved in certain business purposes.

The structure of whatever partnership emerges between banks and Facebook will determine the limits of GLBA opt-out rights.

Potentially, Facebook might have to issue its own opt-out notices, if its role meets the definition of a financial service under the law, Stephens said.

See related: Creditcards.com guide to privacy notices, with links to major credit cards' online disclosures

Fewer privacy notices, but more noticeable

Knowing what you can keep private and what you can't is complicated. Fortunately, notices of your privacy rights are becoming more helpful.

Under a federal regulation issued last week that finalizes a 2015 law, financial institutions can skip sending you a notice of your privacy rights – in certain circumstances. The law took effect in December 2015.

The exception means you should only receive an annual notice if the institution shares your information in ways that you can prevent.

You should get the privacy notice:

  • When you sign up for a new bank account or credit card.
  • Annually, if the company shares information in ways you can prevent.
  • If the company's practices change from its previous notice to you.

The change is designed to "put an end to redundant mailings and it would also make it more likely for people to pay closer attention to mailings they receive from their financial institutions because they would be receiving fewer," said Rep. Blaine Luetkemeyer, R-Mo., sponsor of the legislation.

While notices must be delivered annually, consumers can exercise their opt-out rights at any time.

Whether it's delivered by regular mail or a link to an online page, the boilerplate notice is easy to ignore. But with privacy concerns heating up, it may be wise to pay more attention.

"If they are a non-affiliate, the financial institution could not share information with Facebook if you had opted out from information sharing."

How opt-out rights can protect you

Opting out of third-party information sharing under GLBA should prevent tie-ins of the sort that the WSJ article outlined.

"I would strongly advise anyone from sharing financial information with Facebook," Stephens said. "They already have so much information about us – it could be a marketing gold mine for them, but not in the best interest of consumers."

Of course, if you opt in for a financial service such as getting account alerts via Messenger, the sign-up process will mean giving the necessary permissions for the service to operate, overriding any blanket opt-out choice.

"I would strongly advise anyone from sharing financial information with Facebook. They already have so much information about us – it could be a marketing gold mine for them, but not in the best interest of consumers."

Even such routine communications could be mined to reveal details about your financial picture that you might not want to share beyond your bank, Stephens said.

"If I'm engaging in any sort of conversation with my financial institution, I don't want Facebook to be privy to the content of that conversation," he said. With most banks having their own mobile apps and chat options, there's no need to go through intermediaries, decreasing privacy and security, he said.

See related: Top 10 apps for the credit card already in your wallet

Other opt-out rights unaffected by new regulation

You can also opt out of receiving pre-screened offers of credit under the Fair Credit Reporting Act. Many banks include notice of those opt-out rights in a single privacy notice that includes the Gramm-Leach-Bliley notice.

"Financial institutions that choose to take advantage of the annual notice exemption must still provide any opt-out disclosures required under the Fair Credit Reporting Act," said a blog post by Ballard Spahr attorney Barbara Mishkin.


Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.




Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.


Updated: 11-19-2018