Truelayer appear to be illegitimately harvesting personal financial data whilst acting on behalf of Freetrade

Totally agree Gary.

Thereā€™s a huge amount of data collection carried out in our daily lives that we often donā€™t realise.

2 Likes

A well known example of how passive data can build pictures and be used.

There is a reason companies like Apple, Mozilla and Google are all actively building tracking prevention into their browsers. And a reason for GDPR and CCPA.

5 Likes

I imagine this is more to do with levels of permissions at TrueLayer than any conspiracy to peak at your data, though itā€™d be nice to see confirmation from Freetrade on that.

There will of course be certain things Freetrade need to know for KYC or withdrawal/deposit processes (like for example what currency your account is in and the status of their payment to you), and other data may just come along with the particular data they need (for example say they want transactions to verify that money in has come from you, or money has arrived in your account, and that gives them all transactions). I donā€™t know but would suspect thatā€™s the cause rather than data mining.

I sincerely doubt Freetrade would bother selling information to third parties, and I do think you should rethink that accusation as you have zero evidence that is happening, nor is there any good reason to think they would be doing that. Their business model is not based on selling user information (they donā€™t for example sell order flow). Iā€™m not personally bothered by them having insight into my bank account transactions given I trust them with savings, but see why some could be.

I did prefer the previous system freetrade had where you could see the refs, and avoid truelayer if you wanted to just by setting up a standing order, but I see why for the sake of simplifying the UI and avoiding forgotten refs etc (which cause support load) they have gone with a route that hides the details from you for transfers in, and there may be legal restrictions meaning transfers out can only go to a bank account verified as belonging to you.

I agree with you itā€™d be nice if they can manage to ingest less data via truelayer though, or at least justify what they do look at.

7 Likes

If you really want to scare yourself Mike (assuming youā€™re a Facebook user) look here in the Facebook app -

Settings / Privacy / Settings / Off Facebook Activity

It explains why when youā€™ve been reading about something similar adds suddenly appear in your Facebook feed.

@kenny the image I shared above from TrueLayer gives indication of the motives.

I suspect itā€™s about developing other revenue streams.

Small update.

I referred this to my bank whom agree the types of data requested for the purpose are not necessary and have asked me to refer it to the ICO.

The banks hands are tied as they give access via the Open Banking System and itā€™s incumbent on us as the user to agree how much can be shared in each instance.

3 Likes

So your theory is that Truelayer, not Freetrade, might be selling your information like transactions etc?

That wasnā€™t the impression I got from your post above, perhaps it is worth clarifying that in the post, and if so youā€™d probably want to take that up with your bank rather than freetrade. Most uses of open banking involve sharing transactions, so that is not at all unusual (for example Monzo uses truelayer to see lots of other bank accounts). Given that truelayer is regulated and the rules are quite strict around selling data, Iā€™m not too worried on this.

Will be interested to hear the outcome of your complaint, though I do suspect itā€™s just a case of truelayer and open banking having all or nothing permissions, maybe a few complaints will help them reconsider that and allow companies like freetrade to see less or give users a choice over what they see, rather than just all or nothing.

5 Likes

People with too much time love to complain about anything. Just look at Phillip dying coverage complaints

1 Like

You say pompousā€¦ :laughing:

I say Iā€™m someone who has a different opinion to yourself.

But the same as Iā€™m not worried about what data a company holds on me, Iā€™m also not worried about what some random thinks of me either. :crazy_face:

Once again people diverting this topic into irrelevant subjects. Why freetrade needs these permissions is a legitimate question that no one has the answer for because freetrade donā€™t seem to have disclosed why they want access to our banks with those levels of permissions.

This is a simple question and people are arguing over things that donā€™t matter, why? To avoid the subject?

Itā€™s a good question and should have a simple answer from freetrade. It shouldnā€™t be this complicated.

4 Likes

Have you read the TrueLayer Terms of Service. Not something Iā€™d recommend for a Saturday night but I think it pretty clearly answers the questions asked in this thread;

End User ToS

2 Likes

As an FCA regulated financial service, I imagine Truelayer also have to utilise and retain data for anti-money laundering and security purposes. I imagine including this informationā€¦ I doubt they are just harvesting your data for illegitimate purposes.

Truelayer are a legitimate, FCA regulated company. Loads and loads of companies use their service to facilitate open banking.

Freetrade themselves wonā€™t have requested to have access to this level of data - this lies with Truelayer as the third-party who utilise that data in providing the service. Truelayer provide the service, as the middle man, between your bank and the Freetrade app.

If it was that much of concern, surely your bank would not have agreed to allow the service either? Banks agree to their terms too on the receiving end, and not all banks allow open bankingā€¦ Or at least not yet. Your bank is happy to facilitate allowing Truelayer to function on their sideā€¦ If they were up to something dodgey I doubt they would let Truelayer have the ability to offer open banking.

1 Like

TrueLayer lets you control the permissions the client ( app ) requests. Hereā€™s a list of the available permissions.

Of course, Iā€™m not saying anything untoward is happening here. Iā€™m just highlighting that it would have been a decision to request those permissions. What I gathered from the OP is they want an alternative method to link an account or to understand why the permissions are needed. It also seems like they asked in support first.

I mentioned it further up in the thread, but to repeat it, I wonder what the drop off is when a new user is presented with this. Everyone doesnā€™t query this type of thing, they just drop off.

Perhaps itā€™s worth asking the question on permissions in Community Meetup - 8 PM Wed 12th May 2021, live on Zoom and maybe it will be addressed in the call.

1 Like

It seem to me the main application for this technology is to show me ads for things Iā€™ve already bought :laughing:

2 Likes

Not to go off topic intentionally but small points of data are used to build a bigger picture of the individual to better predict your future behaviour and to control it. This article shows from Facebooks own research that 64% of people who joined extremists groups did so because Facebook recommended them to join Article link. Iā€™m no tin foil hat but your view on these companies is outdated, 10/15 years ago you were right but they are far more powerful than you think.

True layer COULD sell your savings goals to Facebook who knows turn could add that to information they know about your relationship status and COULD sell that to companies who have predicted you might be about to buy a wedding ring and pepper you with soft ads, thus changing your behaviour.

As far as I can see from the truelayer terms linked above, that is explicitly ruled out (it is only shared with partners you choose, only cached with them for short periods), I imagine the FCA would have something to say about it, and finally it would also AFAIK be illegal under GDPR without explicit consent for each specific third party.

Now freetrade may want all that data and Iā€™d be interested to hear why they requested it, but sharing financial data with facebook from truelayer seems to me to be unfounded speculation - wouldnā€™t it be illegal anyway without explicit permission?

5 Likes

Yeah Iā€™m pretty sure it would be illegal, we had to do a short course on GDPR at work, and Iā€™m pretty sure that handing your data to third parties without your consent is a big No No. You have a legal right to know who has your data and what they are using it for.

3 Likes

Incidentally the maximum fine for a GDPR breach is 4% of annual global turnover, or Ā£17.5M whichever is greater

Itā€™s not worth getting this wrong

2 Likes

I donā€™t think I made my point well. It was really just trying to highlight the misnomer that small points of data on their own arenā€™t used by data aggregators. I have no opinion on Truelayer.

I do however feel reasonably well protected by GDPR and am very happy itā€™s around.

2 Likes

This topic was automatically closed 416 days after the last reply. New replies are no longer allowed.