Truelayer appear to be illegitimately harvesting personal financial data whilst acting on behalf of Freetrade

manual deposits are instant now, I’m still using them.

Withdrawals still take a few days

1 Like

Ultimately @Stu.F what are you hoping for as an outcome to this topic?

  • I don’t think you’re going to get Freetrade to change their payment processor

  • if you want to find out why they need that data contact the relevant companies

  • if you won’t use freetrade while they use TrueLayer then find another broker

I do think it’s alleged, you don’t know that TrueLayer are retaining your data. They may use it as a processor rather than storage. They are very different in regulation. (for reference I work in data tech).

Also language like “they wash their hands of it” is quite antagonistic. Its pretty standard when partnering to do due dilielgence and then protect your own entity in the Ts and Cs.

3 Likes

In the context of the topic, and not limited to the quote.

When a Freetrade’s customer uses Truelayer to transfer money to and from her/his account, Freetrade is a third party and it’s ok, required even, for Truelayer to share that data with the third parties, ie Freetrade and the bank.

It would be a concern if the data were to be shared with other third parties not directly involved with the specific transaction.

Even HMRC can be considered a third party.

Some permissions do seem odd at first glance.

I don’t know how to say this any better so beware of semantics with allegations and statements of fact. Better to be smart and cautious I believe

3 Likes

Mike I wanted to see if others had encountered the issue and what the general consensus was.

Outcome - Well I’m a bit stuck at the moment, I won’t be using Freetrade to buy anything else but equally I cannot withdraw. It’s not until you try to add a bank account that you’re made aware of the demands made on your data.

Turelayer have now referred it to their compliance department so at least now I am hopefully getting closer to understanding why they might want that level of data access. They intimate it is Freetrade taking the data, we’ll have to see.

Ah well glad to hear you’re getting somewhere!

Curious to hear the outcome. Best of luck.

I think this option is already there. You just need to scroll to bottom of the list of banks and there will be a link “Manual Transfer”. When you click on it, a FT screen would appear with the FT’s Bank Account details and your unique Reference number. You can then use this information to transfer from your own bank’s app or website. Usually, your money should appear in your account instantly.

3 Likes

Tinfoil hat much :smiley: what you hiding that you’re ashamed of? Why are you telling your bank about your saving goals?

You don’t have to be hiding something to be concerned about privacy. Maybe they weren’t expressed in the best way and it came across as confrontational, but the OP had some legitimate concerns. The fact that Truelayer’s compliance team is looking into it shows that they consider his questions worthy of investigation.

2 Likes

Arrogance much. :yawning_face:

My bank knows about my ‘savings goals’ because they manage my savings.

I have an account with separate areas for savings which are organised as goals. You can automate savings, for example by scraping the account or by rounding up or regular transfers.

I have nothing to hide but equally if they don’t need to know there’s no need to tell them. Simple as that.

1 Like

Think you’re right to ask the question.

This is what HSBC has shared with them, which doesn’t look like as much, and I’m happy with all these.

Maybe its an oversight but it still needs flagging to truelayer, people are right to be suspicious these days, no need to have a go.

4 Likes

a possible (benevolent) way to look at savings goals info request: by having access to this info they may be able to send reminders and make suggestions to help the customer stay on track. It may be the case with Truelayer IDK

4 personal notes on the nothing to hide fallacy, generally speaking:

  1. nothing to declare
  2. the right for privacy
  3. the right to decide which info to share with, to what extent, when… (implied risk of
    being perceived as manipulative behaviour…)
  4. the right to ask doesn’t imply the right to obtain an answer
4 Likes

A good guideline in security is to allow permission for the minimum to do the required tasks, and no more.

Their stated aim is to take authorised payments and possibly check on the status of that payment.

They have no business sending customers suggestions on how to stay on track or anything else really, because that has nothing to do with what they said they wanted to do.

The flip side of this is that permissions are often asked for far in excess of what is needed because it makes the life easier for the developer. This is very typical in app development for example, and it’s become normalised for people to accept very dangerous options without thinking… An example is that most free apps that use advertising need permissions to access files on the device, internet access, your identity, etc. And people are so used to just giving these permissions away, that they no longer realise that these permissions allow a malicious app to do pretty much anything it likes on the phone.

I’m willing to believe that this was probably just an oversight or poor decision somewhere. Maybe when they were integrating Truelayer, they just chose all the permissions available because they might be useful in the future. But it is much better to only ask for the specific things they actually need, and it’s right to push for that. If all those things are listed out as separate permissions, it’s presumably possible for them to get a smaller set of permissions with no impact on the required functionality of sending a payment.

It’s good that this question is being asked, even if the way it was done ruffled some feathers.

4 Likes

Thanks for sharing Adam. It seems there are still some things in your list that are unnecessary ’nice to haves’.

Interestingly I tested the process with another account I have with a different bank and it hasn’t alerted me of any such intrusion in to my data privacy.

A quick look at the TrueLayer API description reveals the motives.

2 Likes

Personally I couldn’t care less what data a company holds about me. It doesn’t affect me day to day, so it never comes into consciousness.

As someone who has family in the government security services on both sides of the pond, you’d be surprised what info the governments have in everyone’s individual “file” . Info that makes this thread so mundane its ridiculous. Sadly I can’t divulge much more, as having signed the Official Secrets Act many moons ago in my youth, I don’t wish to create ripples for myself and family members.

I’m more interested in why yet again, we have another negative thread about FT, posted by someone with their very first post. Methinks the opposition are very worried about FT’s obvious success at their expense.

5 Likes

It does affect you though and you don’t even realise. That’s the issue. Everything you see on the internet, all recommendations, all prices are created by accumulating knowledge about you as a person based on your data.

4 Likes

Just curious how this affects anyone as I don’t ever see anything from Truelayer in any way shape or form other than it processed my payment. They don’t have any opportunity to advertise or anything.

I get both sides of the argument but personally I couldn’t care less as it is a small price to pay instead of actual charges which would be needed if my data wasn’t used to fund the operation. Besides the amount of data we give to far less worthy places is more my concern.

Glad the new Apple update didn’t ask for permissions on FT like it does on most apps though :stuck_out_tongue_winking_eye:

1 Like

But you seem to be under the impression that having the internet send me recommendations is a problem. I don’t. I have this thing called free will, and I use it to act on things if I wish.

I don’t lay awake at night worrying about what some algorithm is doing with my internet footprint.

On a side note, during my time in the 80’s working as a bookie, we’d keep a diary of certain punters, what bets they placed, what they won or loss. It allowed us to maximise our profits out of them, by knowing when to curb their stakes or odds to our advantage. This using of data to increase profits for a company isn’t something invented by the internet. Humans have been doing it for centuries.

2 Likes

Yes, and that’s your choice to make. Other people, however, might care what happens to their data.

That there is a lot of legislation around data protection, and even more so in financial areas, shows that even if you don’t care about these issues, even the government recognises their importance.

3 Likes

:joy: If I was you I’d be more worried what’s in my government file, than worrying about pop ups offering you goods to purchase.