Some of the most popular dating services may be violating GDPR or other privacy laws
Unbeknownst to their users, several popular dating apps, including Tinder, OkCupid and Grindr, share detailed personal data on their users with third parties for advertising purposes, a study conducted by the Norwegian Consumer Council has found.
The details spanned the gamut and included location, age, gender, as well as, in some cases, sexual orientation, drug use, and religious and political views. Some of the information-harvesting habits violated the European Union’s General Data Protection Regulation (GDPR), said the consumer group. The study examined a total of 10 apps, including popular menstrual health apps such as Clue and MyDays.
All the apps were recorded transmitting user data to at least 135 different third parties. Combining the Android advertising ID, which was transferred to at least 70 different third parties, and various other trackable identifiers allows them to create a fairly comprehensive profile of individual users.
This isn’t the first time that dating apps have been caught red-handed passing on sensitive user data to third parties. Grindr was caught revealing its users’ HIV status to third-party companies two years ago. Tinder, for its part, gave away the exact locations of users to other users with an accuracy of around one hundred feet. In the new study, Tinder’s sister company OkCupid has been caught sharing highly personal data such as sexuality, political views and drug use with third parties.
The study also points to a number of disconcerting things that users usually overlook. When downloading Tinder or OkCupid, none of them brings up the issue of privacy or advertising, simply surmising that by joining in you’re freely giving your consent. A closer look at the privacy policy of either app does reveal that it may share your personal information with third parties, but it doesn’t disclose who these third parties are.
Another unsettling thing is that both apps reserve the right to share data with other companies in the Match Group, their parent company. This essentially means that if you’ve used Tinder, then OkCupid, Hinge or any other of the more than 45 dating-related businesses in the group may have had access to your personal data, even though you have never registered with them. If you haven’t read the privacy policy (which any user rarely does) you would have no idea any of this taking place.
And that is the heart of the matter here. According to the study, the ways in which consumers are informed (or not) on how their data is handled and on the processing of the data itself may be in violation of the GDPR or other privacy laws that are designed to safeguard their privacy. Online privacy has become a hot topic over the past few years and European consumers are steadily becoming more aware of their rights. Which means they are more likely to scrutinize who and what they give their consent to.
