PayPal's data sharing controversy: New setting raises privacy concerns
PayPal has reportedly made a change to its privacy policy that allows the company to share user data with third-parties. There is a way to opt-out of this data sharing.
A report by 404 Media claims that PayPal has opted in users, without their explicit permission, to share their data with marketers. Why? Well, the company wants to offer users a "personalized shopping experience".
Users discover opt-out feature for third-party data sharing, sparking debate on digital privacy
The article shows a screenshot that is related to a setting captioned, Personalized Shopping.
(Image courtesy: 404 Media)
The setting is described as follows,"Let us will share products, offers and rewards that you might like with participating stores." A statement right below the toggle says that PayPal will start building more personal experiences for users starting early summer 2025, and that users can opt in or out of sharing at any time.
It also has a link that leads to a popup that says "PayPal will share recommendations with participating stores based on your shopping history and preferences. Your info helps participating stores show you products, offers and rewards you might like."
See, the problem here is that the setting was enabled already. That's not cool, or legal. You know why they did it, to collect the data before they start rolling out the "Personal Shopping experience." PayPal isn't the first company to resort to privacy-invasive marketing tactics, and won't be the last, either. I mean, take a look at the Privacy Policy (Internet archive link).
How to disable data sharing on PayPal
Go to this page: Settings > Data & Privacy > Manage shared info > Personalized shopping. Disable the toggle for the option under Personalized Shopping.
Now, if you don't find the option, don't be surprised. As a matter of fact, several users don't even have the "Managed Shared Info" section, and that's probably because this change seems to be region specific. PayPal seems to have introduced the feature primarily in the U.S. There is a way to force the option to show up. Sign in to your PayPal account and then visit this page: https://www.paypal.com/myaccount/privacy/settings/recommendations
A few users noted they opted out of interest based marketing under https://www.paypal.com/myaccount/privacy/.
Neither Martin nor I found the setting in our accounts, in Germany and India, respectively. However, the setting may also be available for users in Europe, one person from France said that GDPR did not protect them, because the option was available for their account, and enabled.
I did find an option to opt-out of third-party cookies (Google, Facebook, LinkedIn), under the Manage Cookies section, but these are not related to the controversial data sharing setting that PayPal has introduced. These options are for managing ads that PayPal displays.
Did PayPal notify users about the change?
Some users say that they received an email from PayPal about changes made to the Privacy Statement. In it, PayPal states that "Our updated Privacy Statement outlines how we'll use info collected about you after November 27, 2024, to inform participating stores about what products, offers, and rewards you might like. You can opt out of this at any time in your profile settings under "Data and Privacy."
Another user chimed in saying the email also mentioned that users living in California, North Dakota, or Vermont won't have this setting enabled by default, and that they would need to turn on sharing for a personalized experience.
It is possible that the email could have landed in the spam folder, but I didn't get one. Again, this is probably due to the region specific roll out.
I've said this many times, telemetry options should always be an opt-in feature, and not out.
I live in Germany, registered in different UE country, but still had both of these opted in when I checked.
Didn’t expect anything remotely better from them
Thank you for the link. In MN, USA so got the email but just saved it for later, which hadn’t come yet. If you have both a PayPal Smart Connect account and a PayPal Credit account, as I do, the above link will work for both – just change your login info after signing out of the first one.
Thanks, I did get that email from Paypal, but I never read that lawyer nauseating crap. I turned it off. If they turn it back on, I will simply delete my account. Paypal needs me more than I need Paypal.
So far my account (Asia) does not have this inside the privacy setting. What I am curious about is that I could not log into my PayPal account after their announcement and keep getting the error ‘503 first byte timeout’. This only happened once I entered the authentication code, the webpage just stuck there.
The community forum says that most likely my account was restricted or my ISP side issue. But it is not true and I found a way to bypass it by putting /settings at the end of the link. If it continues like this, I am going to close down the account.
I do not do business with any entity that shares my personal data. No thanks PayPal I’ll take my business somewhere else.
Their smartphone app is now total garbage filled with ads and stupid cash back spam.
Yeah I turned that off as soon as I saw it.
“(…) telemetry options should always be an opt-in feature, and not out”
So true.
PayPal states that it wants to offer users a “personalized shopping experience”.
That’s what they all say. In my view, rather a personalized tracking experience, one more. Gee, looks like we customers are becoming extremely experienced.
I’ve closed my PayPal account years ago.
Check here, too: https://www.paypal.com/myaccount/privacy/settings/recommendations
Thanks for the link…if you also have a PayPal Credit account like I do you will have to also do this there using the above link but changing your login info. I did both accounts…live in MN, USA.
Here is the exact text from the email I recieved in Ca.
“Upcoming changes to our Legal Agreements
Our updated Privacy Statement outlines how we’ll use info collected about you after November 27, 2024 to inform participating stores about what products, offers, and rewards you might like.
If you live in California, North Dakota, or Vermont, we’ll only provide this personalized experience if you turn on sharing. You can do that at any time in your profile settings under “Data and Privacy.”
We’re also making other changes to our Privacy Statement and Legal Agreements. Learn more about any of our updates on our Policy Updates page. You can also view these changes by visiting PayPal.com, selecting “Legal” at the bottom of the page, and then “Policy Updates.”
PayPal
Help & Contact | Security | Apps
Twitter Instagram Facebook LinkedIn
PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing
Please don’t reply to this email. To get in touch with us, click Help & Contact.
Not sure why you received this email? Learn more
Copyright © 1999-2024 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.”
If you expect any big company not to sell your private information, you live in a parallel universe.
This is what to avoid and stick it to targeted advertisers.
1) Everything on streaming or on your phone apps (except browser for some parts) is targeted advertisement. Never make a purchase from those ads.
2) Never make a purchase from a website or social platform from websites that go through ad networks: AdSense or similar. On top, those ads are often unsafe.
3) Never make an impulsive purchase. I let items seat in my Amazon/Walmart shopping cart for weeks or months. Buy when you need it or when it is on big sale, not when you want it. If you want instant gratification, you lost your power.
4) Avoid shopping extensions. Their purpose is not to save you money, but target you with more ads.
Now when you should buy and stick it to targeted advertisers.
1) If you like a content creator and find his information/entertainment valuable, buy stuff from his sponsors/referral links. Some of that stuff is somewhat targeted, but it’s like supporting small business.
2) If you like the website, you trust them, and they have none-targeted ads (you can point your mouse cursor on ad link, and it has stationary referral link and ad picture is hosted on stationary website), you could buy from it.
3) If you go to sites like Amazon after installing an extension or script to hide “Sponsored” matches, you can buy from there too. Do not be lazy and check at least three pages instead of only the first one.
Apparently the settings have to be applied for each browser you use. I delete all cookies at the end of every browser experience so I have no idea if the settings are honored the next time you access the site and have to set them up all over again. I would have thought, in spite of their dodgy practices, the settings would apply at the account level and not at the browser level.
Another site ruined due to greed. I’m so sick of this behavior.
I deleted my PayPal account two years ago when they changed their privacy policy to allow them to fine their customers $2,500 for posting messages that “promote misinformation”. Of course, PayPal was the sole arbiter of determining what messages constituted misinformation They were forced to rescind that (although if you read the privacy policy you’ll see that there is still a potential for fines for unacceptable use) because of the inevitable widespread criticism, but I decided I did not want to support a company that felt that stealing their customer’s money was a good idea. Or was even legal. I can assure you that I have not missed PayPal at all.
This new policy should meet with (almost) equal outrage. I can’t imagine spending time monitoring every one of my browsers on every one of my devices to make sure the setting does not get re-enabled because of an update or a deleted cookie.