As banks talk with Facebook, time to review your privacy rights
Gramm-Leach-Bliley Act lets you opt out of some data sharing
Expert on consumer credit laws and regulations.
With Facebook asking banks to share customer information, now is a good time to review your privacy rights when it comes to financial data.
Banks and card issuers can share your sensitive information – including identity, Social Security number and payment history. When the sharing is for business purposes, such as updating your credit report or completing transactions, you don't have a choice.
But under the Gramm-Leach-Bliley Act, you can opt out of having your information shared for certain marketing purposes outside the company and its affiliates.
Facebook looks to partner with banks
On Aug. 6, the Wall Street Journal reported that Facebook has been talking with banks about sharing customer information back and forth. The moves come as Facebook seeks to deepen engagement with its user base.
The company issued a statement saying the story was overblown. Facebook is seeking to partner with banks to allow Messenger chat service to be a platform for bank customers to communicate with customer service.
"The idea is that messaging with a bank can be better than waiting on hold over the phone," Facebook spokeswoman Elisabeth Diana said in a statement, "and it's completely opt-in." She denied that Facebook is actively seeking transaction data.
But Facebook does already partner with PayPal to carry out transactions via the platform. And industry analysts expect more collaboration between financial services and social networks.
What you should know about privacy rights
- Privacy opt-out can limit bank sharing your data with Facebook.
- Under Gramm-Leach-Bliley, you can opt out of some data sharing by financial institutions.
- Social networks promise convenience, but bank apps and online platforms offer greater security.
"If they are a non-affiliate, the financial institution could not share information with Facebook if you had opted out from information sharing," said Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, a nonprofit privacy advocate based in San Diego.
However, service providers and joint marketing partners are not covered by opt-out rights, if they are involved in certain business purposes.
The structure of whatever partnership emerges between banks and Facebook will determine the limits of GLBA opt-out rights.
Potentially, Facebook might have to issue its own opt-out notices, if its role meets the definition of a financial service under the law, Stephens said.
Fewer privacy notices, but more noticeable
Knowing what you can keep private and what you can't is complicated. Fortunately, notices of your privacy rights are becoming more helpful.
Under a federal regulation issued last week that finalizes a 2015 law, financial institutions can skip sending you a notice of your privacy rights – in certain circumstances. The law took effect in December 2015.
The exception means you should only receive an annual notice if the institution shares your information in ways that you can prevent.
You should get the privacy notice:
- When you sign up for a new bank account or credit card.
- Annually, if the company shares information in ways you can prevent.
- If the company's practices change from its previous notice to you.
The change is designed to "put an end to redundant mailings and it would also make it more likely for people to pay closer attention to mailings they receive from their financial institutions because they would be receiving fewer," said Rep. Blaine Luetkemeyer, R-Mo., sponsor of the legislation.
While notices must be delivered annually, consumers can exercise their opt-out rights at any time.
Whether it's delivered by regular mail or a link to an online page, the boilerplate notice is easy to ignore. But with privacy concerns heating up, it may be wise to pay more attention.
How opt-out rights can protect you
Opting out of third-party information sharing under GLBA should prevent tie-ins of the sort that the WSJ article outlined.
"I would strongly advise anyone from sharing financial information with Facebook," Stephens said. "They already have so much information about us – it could be a marketing gold mine for them, but not in the best interest of consumers."
Of course, if you opt in for a financial service such as getting account alerts via Messenger, the sign-up process will mean giving the necessary permissions for the service to operate, overriding any blanket opt-out choice.
Even such routine communications could be mined to reveal details about your financial picture that you might not want to share beyond your bank, Stephens said.
"If I'm engaging in any sort of conversation with my financial institution, I don't want Facebook to be privy to the content of that conversation," he said. With most banks having their own mobile apps and chat options, there's no need to go through intermediaries, decreasing privacy and security, he said.
Other opt-out rights unaffected by new regulation
You can also opt out of receiving pre-screened offers of credit under the Fair Credit Reporting Act. Many banks include notice of those opt-out rights in a single privacy notice that includes the Gramm-Leach-Bliley notice.
"Financial institutions that choose to take advantage of the annual notice exemption must still provide any opt-out disclosures required under the Fair Credit Reporting Act," said a blog post by Ballard Spahr attorney Barbara Mishkin.
- Fed: Balances on cards rose $1.2 billion in July – Credit card balances rose at a 1.5 percent annualized rate in July, the Federal Reserve said, reversing a decline the previous month ...
- Main lesson after Equifax breach: Protect yourself – September 2018 marks the first anniversary of Equifax's massive breach, which prompted calls for tougher security. Continuing hacks, however, prove that breaches won't cease. ...
- Surprising credit card travel exclusions – Your credit card's travel insurance may not cover injuries sustained while taking part in a protest or riot, driving under the influence, skydiving, or due to a pre-existing medical condition ...