Tinder’s handling of user data is now under GDPR probe in Europe

Dating app Tinder is the latest tech service to find itself under formal investigation in Europe over how it handles user data.

Ireland’s Data Protection Commission (DPC) has today announced a formal probe of how Tinder processes users’ personal data; the transparency surrounding its ongoing processing; and compliance with obligations with regard to data subject right’s requests.

Under Europe’s General Data Protection Regulation (GDPR), EU citizens have a number of rights over their personal data — such as the right to request deletion or a copy of their data.

While those entities processing people’s personal data must have a valid legal basis to do so.

Data security is another key consideration baked into the data protection regulation.

The DPC said complaints about the dating app have been made from individuals in multiple EU countries, not just in Ireland — with the Irish regulator taking the lead under a GDPR mechanism to manage cross-border investigations.

It said the Tinder probe came about as a result of active monitoring of complaints received from individuals “both in Ireland and across the EU” in order to identify “thematic and possible systemic data protection issues”.

“The Inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests,” the DPC added.

It’s not clear exactly which GDPR rights have been complained about by Tinder users at this stage. But some users have accused the company of not providing a copy of all the data it holds on them

We’ve reached out to Tinder for a response to the DPC’s investigation. Update: Tinder’s parent company, Match Group, has now sent us this statement: “Transparency and protecting our users’ personal data is of utmost importance to us. We are fully cooperating with the Data Protection Commission, and will continue to abide by GDPR and all applicable laws.”

Also today the DPC has finally responded to long-standing complaints by consumer rights groups of Google’s handling of location data, announcing a formal investigation of that, too.