Privacy obligations under PIPEDA apply to financial technology sector
Early Resolved case summary #2017-001
July 25, 2017
- While the financial technology (FinTech) sector is relatively new, this case summary is an example of how PIPEDA can and does apply to this emerging sector, and how the OPC’s early resolution process can play a role in effectively and efficiently resolving disputes in a manner that is both beneficial to a FinTech company and an individual.
- The purposes for which organizations collect, use and disclose personal information have to be identified at or before the time of collection with the goal of informing an individual of the privacy implications of their decisions before they decide to proceed.
The complainant visited the website of a FinTech organization with the intention of opening a financial investment account online. In general, a FinTech company is a technology driven company that provides online and digital financial services. In order to simply obtain the company’s investment account management agreement, the complainant had to first provide his personal information, some of which was sensitive. Once he disclosed his personal information, he was then able to access the company’s management agreement and review its terms and conditions, to determine whether or not he wanted to open an account with the company. After reviewing the agreement, the complainant decided not to open an account.
The complainant contacted the company to express his concern about the collection of his personal information and asked that the information be deleted since he had chosen not to become a client. He received a response from the company, citing “regulatory requirements” for the collection of personal information. Dissatisfied with the response, the complainant filed a complaint with the OPC.
The complainant was pleased with the outcome and considered the matter early resolved.
- Date modified: