PayPal’s Identity Service, Gone Too Far

Looks like PayPal is offering a new identity service. Gaining access to over a 100 million users who trust the brand seems like a pretty good opportunity. However reading through the benefits of using this service made me a feel a little queasy. This service is abusing the privacy of their customers, badly. If you don’t believe me take a look at what information they are offering to developers on the people who use their service:

• Transaction Recency (Bustling, Active, Engaged, Operative & Passive): Describes how recently a buyer has transacted on PayPal

• Transaction Frequency (Engaged, Habituated & Casual): Tells how frequently the buyer has used PayPal for online transactions over the last 12 months

• Activity Class (Super Engaged, Engaged, Light Engaged, Functional, Habituated, Casual, Sustaining & Passive): Combines recency and frequency to tell how active this buyer is over the last 12 months

• Average Spent Value (High, Medium, Low & Very Low): Describes what grouping this buyer’s spend falls into relative to other buyers over the last 12 months.

That’s getting pretty personal, especially if I am just logging in to a site for something other than banking purposes. I can’t imagine other people would be too comfortable with this either.

However, I firmly believe that if a company is transparent with the information they gather then that’s OK — caveat emptor. With that in mind, after reading about the service, I went to their privacy policy to see if they ask for permission to give out this sort of data. Here is the relevant paragraph:

How we use the personal information we collect

Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We may use your personal information to:

• provide the PayPal Services and customer support you request;
• process transactions and send notices about your transactions
• resolve disputes, collect fees, and troubleshoot problems;
• prevent potentially prohibited or illegal activities, and enforce our User Agreement;
• customize, measure, and improve the PayPal Services and the content and layout of our website and applications;
• deliver targeted marketing, service update notices, and promotional offers based on your communication preferences;
• compare information for accuracy and verify it with third parties.

Does the information offered by the identity service fit into this policy? I guess that’s a legal question, but it sure feels wrong to me. Also related, the privacy policy explicitly states:

PayPal will not sell or rent any of your personal information to third parties for their marketing purposes and only shares your personal information with third parties as described in this policy.
I guess PayPal defines “personal information” somewhat differently then I would.

PayPal has a pretty bad reputation in the small business community already. This certainly isn’t going to help that. PayPal is going too far with this and I hope the public wakes up and takes action by taking their business elsewhere.