Financial blogger Felix Salmon wants to know why there isn’t regulatory oversight of Mint and other financial management websites, especially if they’re going to sell data created from their users’ transaction histories.
Mint’s CEO Aaron Patzer spoke at SXSW on Saturday and said that the company is sitting on a gold mine of customer data that it may or may not sell. Here’s how Salmon paraphrases it in his blog post:
[Patzer] started talking about the rich value of all the store-level data he was sitting on. For instance, he said, he can see pretty much in real time how much money his huge database of customers is, in aggregate, spending at Blockbuster vs Netflix vs Redbox, or any other set of retailers — and that kind of information would surely be extremely valuable to hedge funds. It was clearly something he’s talked a lot about, and he never said that he wasn’t already selling that data to the highest bidder. If that kind of activity is going on, especially if Mint is using data retrieved using the username and password to my own personal bank accounts, then I would certainly want some kind of regulatory oversight.
That was enough to convince consumer lawyer Sam Glover over at caveat emptor to close his Mint account, explaining:
If I am to do my banking online, I need to be confident that my financial information is being kept secure. This is not like Google, where I can stomach giving up a bit of anonymized usage data in exchange for great software. No, when it comes to my financial information, I do not want my data sold to the highest bidder.
Mint’s Terms of Service point out that in order to provide a service to you, it must access your accounts, but that it does so as your agent and not as an agent of any financial institutions. I couldn’t find any mention of aggregate data or of how Mint would use such data with outside partners or customers, though.
What do you think? If Mint or a similar website tracked every Netflix fee you paid and bundled it anonymously with other users’ transactions, then sold it, would you feel it violated your privacy? And should financial websites be regulated even if they’re not providing actual bank-related financial services?