The Irish Data Protection Commission – the supreme privacy regulator for nearly every US technology company – has launched a statutory inquiry into Tinder, following complaints about how it processes users’ personal data and handles data subject access requests.
The regulator said it been actively monitoring complaints about Tinder from individuals – in Ireland and across the EU – since GDPR came into force in May last year.
It says a “number of issues have been identified” which could have resulted in “thematic and possible systemic data protection issues” by Tinder’s parent company, MTCH Technology Services, also known as Match Group.
The company owns 45 dating apps, including Match.com, Tinder, Plenty of Fish and Ok Cupid.
The regulator stopped short of identifying what the issues were, but it is understood they could be related to data security, data deletion and data access to name just a few.
In a statement, the DPO said: [We have] commenced an own-volition statutory inquiry, with respect to, pursuant to section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR.
“The inquiry will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests.”
In response, MTCH Technology Services said: “Transparency and protecting our users’ personal data is of utmost importance to us. We are fully cooperating with the Data Protection Commission and will continue to abide by GDPR and all applicable laws.”
Last month, the Norwegian Consumer Council (NCC) filed complaints against Grindr, OkCupid and Tinder over alleged mass abuse of personal data following claims that they are handing out sensitive user information willy-nilly to ad companies, in an “insane violation” of GDPR.
The NCC study tracked the activity of ten apps between June and November last year in order to identify how personal information – including sexual preferences, behavioural data, and location – is transmitted from these apps to commercial third parties.
Meanwhile, in September last year it was revealed that Match Group was being sued by the US authorities for allegedly using fake ads to persuade hundreds of thousands of users to subscribe to the service.
Swipe left: Top apps accused of ‘insane’ GDPR violation
Faking it: Match Group hit by legal action over false ads
Gay dating app Jack’d slapped with $240,000 payout
Casual dating giant spanked over shoddy data practices
Match jumps into bed with Mediacom for data-led task
eHarmony ‘lasting love’ ad dumped over data mismatch
Ashley Madison offers $11.2m to clean up messy breach