PayPal agreed to pay $175,000 and strengthen its privacy and security disclosures in a settlement agreement reached with the Texas Attorney General’s office (the “AG’s office”). The AG’s office claimed that PayPal failed to explain to users of its Venmo mobile money transfer app how users’ personal information would be used and shared.

PayPal acquired Venmo in December 2013.  The AG’s office had been investigating whether Venmo had violated the Texas Deceptive Trade Practices Act. The investigation stemmed from allegations into whether the app used consumers’ phone contacts without an explanation as to the purpose of the contacts or whether contacts would be shared. Based on the allegations, the AG’s office argued that users of the app may have unknowingly shared private information regarding payments publicly.

The settlement agreement specifically requires PayPal to cease accessing Venmo users’ contact lists absent prior disclosure of the type of information that will be accessed, the specific ways in which it will use the data, and how to use and disable certain features of the app which could compromise users’ privacy. The investigation marked the manner in which state and federal authorities are taking measures to assist their citizens from inadvertently compromising their data privacy as they avail themselves of apps meant to simplify consumer transactions.