How We Investigated Personal Finance Apps: Methods, tips and challenges
The investigators behind "The Depth of Your Virtual Purse: What do fintech apps know about you?" talk about the methodology, tools, findings and challenges faced along the way.
The webinar discusses the making of a recent investigation - conducted by Maldita.es, Tactical Tech and SocialTIC - into how financial technology (fintech) apps focused on personal budgeting handle their users’ data privacy, but also how users themselves manage their personal information inside these apps.
More about the investigation: The Depth of Your Virtual Purse: What do fintech apps know about you?
Investigators used the EU's GDPR (General Data Protection Regulation) mechanisms to obtain and analyse the types of user data collected by the apps as well as what happens to this data within and beyond the apps.
The findings were quite intriguing:
- a company handed data about the wrong user;
- an app refused initially to provide data as required by law;
- evidence of aggressive trackers accessing users’ personal data, and the use of automated user profiling mechanisms;
- sensitive personal data and private habits get shared for advertising purposes, and are sometimes transferred to countries not covered by the GDPR, such as the United States.
In this webinar, investigators talk about how the methodology was designed and adapted along the way, the challenges faced from different sides and the intriguing findings uncovered. They also discuss the ways forward, how such research can be replicated, and what app users themselves could and should do to gain more awareness of their digital rights and claim control over their data.
Naiara Bellio - Maldita.es
Naiara is the technology editor at Spanish outlet Maldita.es and the coordinator of the section Maldita Tecnología. The section addresses disinformatioin and misinformation related to technological processes and people's digital life, as well as analyses the dissemination of information related to data protection. Naiara has worked for Agencia Efe in Madrid and Argentina and also for the digital media elDiario.es.
Laura Ranca - Tactical Tech
Laura is a researcher and trainer with Tactical Tech's Exposing the Invisible (ETI) project. She trains citizen investigators, activists, journalists and rights defenders on techniques, tools and safer methods of digital and non-digital investigations, as well as coordinates the development of the Exposing the Invisible Kit, a collaborative, self-learning resource for people and communities who feel motivated to start their own investigations.
Paul Aguilar - SocialTIC
Paul is a coordinator of the Digital Security Program at SocialTIC and a cybersecurity specialist. He assists, trains and supports activists and rights defenders in Latin America in the development of digital security strategies. Paul is an advocate of free and open source technologies.
Investigation report in English: "The Depth of Your Virtual Purse: What do fintech apps know about you?", published by Exposing the Invisible, Tactical Tech, March 2022.
Investigation report in Spanish (pdf.): "Tu cartera ya no está en tu bolsillo, sino en tu móvil: ¿qué saben de ti las aplicaciones de control de gastos?", Maldita.es, March 2022.
About the Organiser
Tactical Tech is an international non-profit organisation that engages with citizens and civil-society organisations to explore and mitigate the impacts of technology on society. Exposing the Invisible is a Tactical Tech project that develops resources, training and collaborations promoting investigation as one of the most important forms of public engagement.
*The production of this webinar was co-funded by:
Investigative Journalism for Europe (IJ4EU)
The European Commission
This text reflects the authors' view and the funders are not responsible for any use that may be made of the information it contains.