Congresswoman Anna Eshoo

Representing the 18th District of California

Eshoo, Wyden, Brown Urge FTC to Investigate Firm Collecting and Selling Americans’ Financial Data

January 17, 2020
Press Release

Lawmakers concerned that Envestnet, operator of the largest consumer financial data aggregator in the U.S., is breaking the law by selling Americans’ personal data without consent

 

Washington, D.C. – U.S. Rep. Anna G. Eshoo, D-Calif., U.S. Sen. Ron Wyden, D-Ore., and U.S. Sen. Sherrod Brown, D-Ohio, today demanded the Federal Trade Commission (FTC) investigate Envestnet for possibly violating the law by recklessly selling Americans’ personal data. 

Envestnet operates Yodlee, the largest consumer financial data aggregator in the United States. Financial technology apps, banks and other companies use Yodlee to access, collect and analyze transaction data from consumers’ bank, credit card and other financial accounts. Envestnet also sells access to the financial data of tens of millions of Americans.

In a letter to FTC Chairman Joseph J. Simons, the lawmakers wrote, “The consumer data that Envestnet collects and sells is highly sensitive. Consumers’ credit and debit card transactions can reveal information about their health, sexuality, religion, political views, and many other personal details. And the more often that consumers’ personal information is bought and sold, the greater the risk that it could be the subject of a data breach, like the recent breaches at Equifax and Capital One.”

The legislators express concern that Envestnet does not adequately notify consumers that their personal financial data is being sold to third parties, therefore violating the FTC Act’s prohibitions against unfair and deceptive practices.

The lawmakers continued “Consumers generally have no idea of the risks to their privacy that Envestnet is imposing on them. Envestnet does not inform consumers that it is collecting and selling their personal financial data. Instead, Envestnet only asks its partners, such as banks, to disclose this information to consumers in their terms and conditions or privacy policy. That is not sufficient protection for users.”

A copy of today’s letter is available here.

###