As banks talk with Facebook, time to review your privacy rights
Gramm-Leach-Bliley Act lets you opt out of some data sharing
With Facebook asking banks to share customer information, now is a good time to review your privacy rights when it comes to financial data.
Banks and card issuers can share your sensitive information – including identity, Social Security number and payment history. When the sharing is for business purposes, such as updating your credit report or completing transactions, you don't have a choice.
But under the Gramm-Leach-Bliley Act, you can opt out of having your information shared for certain marketing purposes outside the company and its affiliates.
Facebook looks to partner with banks
On Aug. 6, the Wall Street Journal reported that Facebook has been talking with banks about sharing customer information back and forth. The moves come as Facebook seeks to deepen engagement with its user base.
The company issued a statement saying the story was overblown. Facebook is seeking to partner with banks so that its Messenger chat service can serve as a platform for bank customers to communicate with customer service.
"The idea is that messaging with a bank can be better than waiting on hold over the phone," Facebook spokeswoman Elisabeth Diana said in a statement, "and it's completely opt-in." She denied that Facebook is actively seeking transaction data.
But Facebook does already partner with PayPal to carry out transactions via the platform. And industry analysts expect more collaboration between financial services and social networks.
What you should know about privacy rights
- A privacy opt-out can limit a bank's sharing of your data with Facebook.
- Under Gramm-Leach-Bliley, you can opt out of some data sharing by financial institutions.
- Social networks promise convenience, but bank apps and online platforms offer greater security.
"If they are a non-affiliate, the financial institution could not share information with Facebook if you had opted out from information sharing," said Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, a nonprofit privacy advocate based in San Diego.
However, service providers and joint marketing partners are not covered by opt-out rights, if they are involved in certain business purposes.
The structure of whatever partnership emerges between banks and Facebook will determine the limits of GLBA opt-out rights.
Potentially, Facebook might have to issue its own opt-out notices, if its role meets the definition of a financial service under the law, Stephens said.
Fewer privacy notices, but more noticeable
Knowing what you can keep private and what you can't is complicated. Fortunately, notices of your privacy rights are becoming more helpful.
Under a federal regulation issued last week that finalizes a 2015 law, financial institutions can skip sending you a notice of your privacy rights – in certain circumstances. The law took effect in December 2015.
The exception means you should only receive an annual notice if the institution shares your information in ways that you can prevent.
You should get the privacy notice:
- When you sign up for a new bank account or credit card.
- Annually, if the company shares information in ways you can prevent.
- If the company's practices change from its previous notice to you.
The change is designed to "put an end to redundant mailings and it would also make it more likely for people to pay closer attention to mailings they receive from their financial institutions because they would be receiving fewer," said Rep. Blaine Luetkemeyer, R-Mo., sponsor of the legislation.
While notices must be delivered annually, consumers can exercise their opt-out rights at any time.
Whether it's delivered by regular mail or a link to an online page, the boilerplate notice is easy to ignore. But with privacy concerns heating up, it may be wise to pay more attention.
How opt-out rights can protect you
Opting out of third-party information sharing under GLBA should prevent tie-ins of the sort that the WSJ article outlined.
"I would strongly advise anyone from sharing financial information with Facebook," Stephens said. "They already have so much information about us – it could be a marketing gold mine for them, but not in the best interest of consumers."
Of course, if you opt in for a financial service such as getting account alerts via Messenger, the sign-up process will mean giving the necessary permissions for the service to operate, overriding any blanket opt-out choice.
Even such routine communications could be mined to reveal details about your financial picture that you might not want to share beyond your bank, Stephens said.
"If I'm engaging in any sort of conversation with my financial institution, I don't want Facebook to be privy to the content of that conversation," he said. With most banks having their own mobile apps and chat options, there's no need to go through intermediaries, which decreases privacy and security, he said.
Other opt-out rights unaffected by new regulation
You can also opt out of receiving pre-screened offers of credit under the Fair Credit Reporting Act. Many banks include notice of those opt-out rights in a single privacy notice that includes the Gramm-Leach-Bliley notice.
"Financial institutions that choose to take advantage of the annual notice exemption must still provide any opt-out disclosures required under the Fair Credit Reporting Act," said a blog post by Ballard Spahr attorney Barbara Mishkin.