Tinder is one of the many online dating companies of the Match Group. Launched in 2012, Tinder started being profitable as of 2015, greatly thanks to people’s personal data. On 3 March 2017, journalist Judith Duportail asked Tinder to send her all her personal data they had collected, including her “desirability score”, which is composed of the “swipe-left-swipe-right” ratio and many other pieces of data and mathematic formulae that Tinder does not disclose. Thanks to her determination and support from lawyer Ravi Naik, privacy expert Paul-Olivier Dehaye and the work of Norwegian consumers advocates, Judith reported on 27 September 2017 that she received 800 pages about her online dating-related behaviour.

Tinder did not disclose how desirable the company considered Duportail to be, though, even if it had disclosed it to another journalist. The 800 pages contained information such as her Facebook “likes”, her Instagram pictures (even if she had deleted her account), her education, how many times she had connected to Tinder, when and where she entered into online conversations, and many more things. “I was amazed by how much information I was voluntarily disclosing”, Duportail stated.

800 pages of personal data – surprising?

As a Tinder user, you should know that you “agree” to Tinder’s terms of use, privacy policy and safety tips, as well as other terms disclosed if you purchase “additional features, products or services”. These include the following:

“You understand and agree that we may monitor or review any Content you post as part of a Service.”

as part of a Service.” “If you chat with other Tinder users, you provide us the content of your chats .”

us .” “We do not promise, and you should not expect, that your personal information, chats, or other communications will always remain secure.”

information, chats, or other communications will always remain secure.” “By creating an account, you grant to Tinder a worldwide, transferable, sub-licensable, royalty-free, right and license to host, store, use, copy, display, reproduce, adapt, edit, publish, modify and distribute information you authorize us to access from Facebook, as well as any information you post, upload, display or otherwise make available (collectively, ‘ post’ ) on the Service or transmit to other users (collectively, ‘Content’).”

you authorize us to access post, upload, display or otherwise make available (collectively, ‘ ) on the Service or transmit to other users (collectively, ‘Content’).” “You agree that we, our affiliates, and our third-party partners may place advertising on the Services.”

on the Services.” “If you’re using our app, we use mobile device IDs (the unique identifier assigned to a device by the manufacturer), or Advertising IDs (for iOS 6 and later), instead of cookies, to recognize you . We do this to store your preferences and track your use of our app . Unlike cookies, device IDs cannot be deleted , but Advertising IDs can be reset in “Settings” on your iPhone.”

(the unique identifier assigned to a device by the manufacturer), or Advertising IDs (for iOS 6 and later), instead of cookies, . We do this to store your preferences and . Unlike cookies, device IDs , but Advertising IDs can be reset in “Settings” on your iPhone.” “We do not recognize or respond to any [Do Not Track] signals , as the Internet industry works toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.”

, as the Internet industry works toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.” “You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our Service.”

Tinder explains in its Privacy Policy – but not in the summarised version of the terms – that you have a right to access and correct your personal data. What is clear to the company is that you “voluntarily” provided your information (and that of others). Duportail received part of the information Tinder and its business partners hold, no doubt partly because she is a journalist. Her non-journalist friends have not experienced the same benevolence. Your personal data has an effect not only on your online dates, “but also what job offers you have access to on LinkedIn, how much you will pay for insuring your car, which ad you will see in the tube and if you can subscribe to a loan”, Paul-Olivier Dehaye highlights.

Worse still, even if you close your account or delete info, Tinder or its business partners do not necessarily delete it. And the worst, you’ve “agreed” to it: “If you close your account, we will retain certain data for analytical purposes and recordkeeping integrity, as well as to prevent fraud, enforce our Terms of Use, take actions we deem necessary to protect the integrity of our Service or our users, or take other actions otherwise permitted by law. In addition, if certain information has already been provided to third parties as described in this Privacy Policy, retention of that information will be subject to those third parties’ policies.”

You should be in control

Civil society organisations fight this kind of practices, to defend your rights and freedoms. For instance, the Norwegian Consumer Council successfully worked for Tinder to change its terms of service. On 9 May 2017, EDRi and its member Access Now raised awareness about period trackers, dating apps like Tinder or Grindr, sex extortion via webcams and the “internet of (sex) things” at the re:publica 17 conference. Ultimately, examples like Duportail’s shows the importance of having strong EU data protection and privacy rules. Under the General Data Protection Regulation, you have a right to access your personal data, and companies should provide privacy by default and design in their services. Now, we are working on the e-Privacy Regulation to ensure you have real consent instead of a tick on a box of something you never read, to prevent companies from tracking you unless you provide express and specific consent, among many other things.

Now that you know about this or have been reminded of this, spread the word! It does not matter whether you are on Tinder or not. This is about your online future.

I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets (26.09.2017)

https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold

Getting your data out of Tinder is really hard – but it shouldn’t be (27.09.2017)

https://www.theguardian.com/technology/2017/sep/27/tinder-data-privacy-tech-eu-general-data-protection-regulation

Safer (digital) sex: pleasure is just a click away (09.05.2017)

https://re-publica.com/en/17/session/safer-digital-sex-pleasure-just-click-away

Tinder bends for consumer pressure (30.03.2017)

https://www.forbrukerradet.no/siste-nytt/tinder-bends-for-consumer-pressure

(Contribution by Maryant Fernández Pérez, EDRi)