Dating App OkCupid: US Authority Criticizes Secret User Data Transfer
Sensitive data from millions of users allegedly ended up with a biometrics startup. The FTC lets those responsible get away with mild conditions.
(Image: Fractal Pictures/Shutterstock.com)
Match Group is said to have shared extensive user data from its dating app OkCupid, including almost three million photos, with the biometrics company Clarifai. According to the US Federal Trade Commission (FTC), the photos were sent to the then-startup in 2014 along with location data and other personal information. There, they were used to train image recognition software. The operators are also said to have concealed the data transfer for almost twelve years and deliberately denied it to the public and concerned users.
Possible consequences for those affected would be that their biometric data remains permanently in facial recognition systems and they become identifiable in other contexts. Furthermore, conclusions could be drawn about other intimate details, especially if the information is linked with other data sources or resold to other companies.
Settlement without penalty
The majority of OkCupid users are from the United States. The FTC documents do not specify which other countries may be affected. Match Group, which claims to be the world leader in online dating, is active in Germany primarily with apps such as Tinder or Hinge.
Following a lawsuit by the FTC, the supervisory authority has now reached a settlement with the operating companies Match Group and Humor Rainbow. The operators do not admit the allegations of unlawful data transfer but commit to stricter data protection regulations, for which a fine is to be waived.
Clarifai, in which the OkCupid founders were personally involved as investors, is said to have requested the data and received it without consideration and with no restrictions on its use. The affected users of the dating app were allegedly not informed by Match Group at the time, nor were they given the opportunity to object to the transfer.
Videos by heise
No more experiments?
The settlement of March 30 (Case No. 3:26-cv-00996-K, FTC Case Page), which still needs to be signed by a judge, waives financial penalties or other severe consequences for those responsible. Among other things, Match Group is obliged to train its executives and report regularly on data protection measures. The FTC will also be able to interview employees, request documents, and conduct covert investigations for the next 20 years.
In return, Match Group waives its right to appeal and accepts the conditions without formally admitting the allegations. An OkCupid spokesperson merely stated that the conditions criticized by the FTC from 2014 no longer correspond to the company's current data protection standards. At the time, the company still spoke openly about "experimenting" with user data.
Not an isolated case
This is not the first time the FTC has taken action against Match Group. The company is also criticized for allegedly being grossly negligent with users when it was aware of reported assaults.
However, Match Group is not the only provider with such data protection incidents. Especially concerning external data breaches, other dating apps are often inadequately protected. For example, security researchers from Belgium and Denmark have previously exposed vulnerabilities.
In the case of other dating apps such as Grindr, data leaks have also occurred in the past. European data protection authorities have also already taken legal action.
(vbr)
