PayPal wants to share your data – unless you do this

A PayPal logo is displayed on the screen of a tablet.
(Image credit: Photo Illustration by Sheldon Cooper/SOPA Images/LightRocket via Getty Images)

Another week, another online service tried to silently change its data collection and sharing practices by default. The good news is that you still have time to opt out before any of your information gets automatically given away without your consent.

As per PayPal's policy updates page (issued on September 23 for US users), the service is set to exchange your data with third-party merchants "to help improve your shopping experience and make it more personalized for you." Starting in early Summer 2025, the new policy will not just come at the detriment of your privacy – even if you're using the best VPN apps – but PayPal will start gathering data as early as November 27, 2024.

Users appear to be opted in by default (see image below), which may be an issue under some privacy regulations like GDPR. After coming across some US-based accounts complaining about this on Twitter, I decided to check if that was the case also for people in the UK (where I'm based). When I accessed my privacy settings, the option was automatically toggled in.

Screenshots of PayPal privacy settings on iPhone.

The screenshots were taken at the time of writing, September 30, 2024. (Image credit: Future)

It's also important to bear in mind that the policy changes will not apply in the same ways across all jurisdictions and users. For instance, in the UK, the new data sharing is set to be enforced on October 10, 2024.

A policy update dated July 8 clarifies that, for the UK market, "merchants are permitted to share customer personal information provided to them by PayPal with their service providers."

I suggest checking your profile settings as soon as possible to reverse the change if you don't wish your data to be shared.

How to opt-out PayPal's new data sharing

Depending on where you're based, you'll find PayPal's new data-sharing option under a different name. Remember, you may not see this at all if you're based in a country that doesn't allow it.

If you're in the US, you should head to your profile Settings and tap on Data & privacy. Under Manage shared info, click on Personalized shopping. You should see the option enabled by default. Toggle off the button at the right to opt-out.

If you are in the UK like me, you'll see something different after you head to your profile Settings and tap on Data & privacy

Under Manage your privacy settings, here you'll see an Interest-based marketing tab – click on it. At this point, two options will appear: Interest-based marketing on PayPal and Internet-based marketing on your accounts. You have to tap on each of these and toggle off the button at the right to opt-out. These instructions can also apply if you're based in the EU.

PayPal isn't the first online service to silently activate more invasive data practices without asking for users' consent.

In the most recent of such instances, LinekdIn started training its AI tool on user data by default last week. Again, users had to opt out of this functionality to prevent their personal information and posts from being collected. 

Before the Microsoft-owned social platform, also Facebook, Instagram, and X (formerly known as Twitter) had silently enabled the training of their AI tools on all users' public information.

"We shouldn't have to take a bunch of steps to undo a choice that a company made for all of us," tweeted Rachel Tobac, ethical hacker and CEO of SocialProof Security, at the time to comment on the LinkedIn move. "Organizations think they can get away with auto opt-in because 'everyone does it'. If we come together and demand that organizations allow us to CHOOSE to opt-in, things will hopefully change one day."

While the business models of these platforms are unlikely to change anytime soon, I suggest keeping an eye out for any news or notifications of policy updates from PayPal  – and any other online services you have an account with, for that matter – to know exactly what information you're sharing at all times.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com