Dating apps & sensitive personal information of over 10 million users

In 2013, Tinder (owned by Match Group) revolutionized the online dating industry with the swipe right for interest, left for not. Instead of rifling through thousands of profiles to find someone unique, users could decide whether they liked someone based off a few photos.  Match.com (Match Group) is famous for telling customers all about their algorithm. “Synapse” matches millions of subscribers daily. While considering a user’s stated ­preferences, such as desired age range, hair color and body type, it also learns from their actions on the site. So, if a woman says she doesn’t want to date anyone older than 26, but often looks at ­profiles of thirty-somethings, Match will know she is in fact open to meeting older men. Synapse also uses “triangulation”. That is, the algorithm looks at the behavior of similar users and factors in that ­information, too.

High risk of hacking and data breaches

Social/Dating apps admit to storing millions of dating profiles containing detailed sensitive personal information for dating, matching, social circles and even marketing purposes. Just the act of entering “special” or “sensitive” information may potentially endanger your privacy rights. In Match’s privacy policy, they clearly state “By choosing to provide this information, you consent to our processing of that information.” Match processes: profiles, personality traits, lifestyle, interests, photos, racial or ethnic origins, sexual orientation, religious beliefs, sex, weight, and height (increasingly detailed profiles). They also process financial information, surveys, focus groups, registering for promotions, and everyone you chat with through their service.

Users are opening themselves up to many potential risks from hacking to being subject to data breaches. On Valentine’s Day 2019 Coffee Meets Bagel was forced to send out an email admitting the sensitive personal information of six million of their users was hacked, stolen, and put up for sale on the dark web. In 2021, dating app Manhunt, hosting over 6 million users, released a statement to the Washington State Attorney General that a subset of user data had been hacked and downloaded in early February. Mozilla’s 2021 “Privacy Not Included” report examined 21 of 24 dating apps and singled out Grindr as having serious security lapses. Grindr shares countless profile user data, like location, with third parties.

Tinder and Match have upwards of 6.6 million and 11.1 million profiles, respectively. Data breaches on this scale are detrimental to the organizations behind dating apps that survive on sensitive personal information saved to their databases.

Cyberstalking and Surveillance

Many users use dating apps, like Match Group apps, as social media platforms. Match Group owns Tinder and at least 45 other dating sites like Hinge, Match, and OKCupid. Tinder, with 70,000 women’s photos, has countless security vulnerabilities that make it possible for attackers to monitor someone’s every move. Online harassment and gender-based violence on social sites is exceedingly common. According to an October 2019 Pew Research Center survey, 57% of women on dating apps ages 18 to 34 said someone had sent them a sexually explicit image or message they didn’t ask for, 44% said they’ve been called an offensive name and 19% said someone had threatened to physically harm them.

Dating apps have implemented multistep screening, even if you don’t realize it. In March 2021, Tinder and Match announced efforts to test low-cost background checks of its users. Another effort was hiring Tracy Breeden to lead safety and social advocacy.

Improve online safety with data privacy regulations

There are many ways to improve transparency and accountability, such as using online watchdogs, social advocacy, screening, and improving consumer understanding of how information is used. The CCPA’s focus on transparency and accountability means that documentation makes up a core component of compliance. letting regulators know that you updated within the last 12 months and that your practices are current.

Your current Privacy Policy should already include information about:

• Information request rights
• The categories of personal information the business has collected about consumers
• The categories of sources from which personal information is collected
• The purposes for collecting personal information
• The categories of personal information that the business has disclosed or sold to third parties
• The categories of third parties to whom the business discloses or sells information
• Whether or not the business knowingly sells the personal information of consumers under the age of 16

Automated data mapping and categorization, such as Clarip’s data mapping software tools, improves understanding of what data is being collected and transferred internally and externally from an  organization’s websites and databases. The benefit of an automatic approach is that it’s more efficient and less expensive.  Furthermore, the sheer volume of data processed by social/dating apps would require some degree of data mapping automation.

At Clarip, we are committed to providing businesses with privacy compliance solutions.  We help companies stay compliant with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Lei Geral de Protecao de Dados Pessoais (LGPD), and other data privacy laws.  We specialize in automated data mapping, fully-automated end-to-end data subject request fulfillment, data risk intelligence scanning, and vendor and consent management.  Visit us at www.clarip.com or call us at 1-888-252-5653 to learn more today!