PayPal has revealed that it shares users’ data with more than 600 external companies.

The payments service has published the third parties it shares data with as part of a transparency drive in a move the company described as “very unusual” but an “important principle”.

Examples on the list reveal the scale upon which companies are granted personal information on people around the world. Many of the third parties listed – over 200 – receive customers’ data, often personal information such as full names and gender, for purposes categorised as “Marketing and Public Relations”. Companies that PayPal passes data to include tech giants Facebook, Twitter, Apple, Microsoft and Google.

One example details how Blueshift, a marketing firm in San Francisco, has access to a customers’ full name, phone number, gender, birth date and city, for the purpose of enabling “marketing automation and personalisation” on behalf of PayPal.

In another example, a London-based cloud company, Carrenza Limited, is granted access to customers’ name, address, email address, business and domain name along with relevant transaction data, account status and preferences.

Facebook, Twitter, Google and Yahoo are all permitted to “execute retargeting campaigns in order to deliver personalised advertising” by using an anonymous ID generated by cookies or pixel tags, which are technologies embedded in web pages that are used to track online behaviour. The firms can also access IP addresses, among other information.

Danal, a provider of mobile identity and authenticity solutions, is granted customer’s keyboard and cursor behaviour as well as customer’s spoken words for purposes including “research”.

More than 100 third party organisations on the list use information given to them by PayPal for purposes that include research and testing of new products and services. PayPal claims to not sell or rent user data, unclear whether these third parties can use this data for their own research and testing. Many of those on the list, such as major banks, are for straightforward operations.

All companies operating in Europe will soon have to be more candid how they share user data in accordance with new data protection law. The General Data Protection Regulation is set to be introduced on May 25, offering consumers’ greater privacy protections and companies may begin to publish lists like Paypal as the deadline looms.

A PayPal spokesman told The Telegraph: “We fiercely protect our customers data, take it incredibly importantly and its fundamental to our reputation. Information is precious to our customers.”

The spokesman added that PayPal was “extremely unusual” in posting the list of third party data, which was last updated on April 1st 2018, but said that the organisation do so because “we believe it’s an important principle”.

Protect your network and your customer data from the threat of cyber attack and theft. Get a FREE On-site, non-intrusive deep network analysis to determine how effective your existing Cyber Security Measures are. 

Call us on 0345 644 2245 or click here to fill in our enquiry form and a member of the team will be in touch.






Article Courtesy of The Telegraph