Some of the most popular dating services may be violating GDPR or other privacy laws
Unbeknownst
to their users, several popular dating apps, including Tinder, OkCupid and
Grindr, share detailed personal data on their users with third parties for
advertising purposes, a study conducted by the Norwegian
Consumer Council has found.
The details
spanned the gamut and included location, age, gender, as well as, in some
cases, sexual orientation, drug use, and religious and political views. Some of
the information-harvesting habits violated the European Union’s General Data
Protection Regulation (GDPR), said the consumer group. The study examined a
total of 10 apps, including popular menstrual health apps such as Clue and
MyDays.
All the apps
were recorded transmitting user data to at least 135 different third parties.
Combining the Android advertising ID, which was transferred to at least 70
different third parties, and various other trackable identifiers allows them to
create a fairly comprehensive profile of individual users.
This isn’t
the first time that dating apps have been caught red-handed passing on
sensitive user data to third parties. Grindr was caught revealing its users’ HIV status to third-party
companies two years ago. Tinder, for its part, gave away the exact locations of users to other users
with an accuracy of around one hundred feet. In the new study, Tinder’s sister
company OkCupid has been caught sharing highly personal data such as sexuality,
political views and drug use with third parties.
The study
also points to a number of disconcerting things that users usually overlook.
When downloading Tinder or OkCupid, none of them brings up the issue of privacy
or advertising, simply surmising that by joining in you’re freely giving your
consent. A closer look at the privacy policy of either app does reveal that it
may share your personal information with third parties, but it doesn’t disclose
who these third parties are.
Another
unsettling thing is that both apps reserve the right to share data with other
companies in the Match Group, their parent company. This essentially means that
if you’ve used Tinder, then OkCupid, Hinge or any other of the more than 45
dating-related businesses in the group may have had access to your personal
data, even though you have never registered with them. If you haven’t read the
privacy policy (which any user rarely does) you would have no idea any of this
taking place.
And that is
the heart of the matter here. According to the study, the ways in which
consumers are informed (or not) on how their data is handled and on the
processing of the data itself may be in violation of the GDPR or other privacy
laws that are designed to safeguard their privacy. Online privacy has become a
hot topic over the past few years and European consumers are steadily becoming more aware of their rights. Which means they are more
likely to scrutinize who and what they give their consent to.