Swipe right: Who is accessing your dating app data?

By Alison Donnellan

Online dating can be a bit of a minefield, but it’s not just bad dates that you need to be worried about. Are you aware your dating app data is reaching more than potential matches?

It was discovered last month that popular dating apps have been sharing detailed personal information with thousands of organisations. This has resulted in the exposure of users’ locations, photos, age, sexual orientation and, in the case of one app, drug use and political views.

While it’s easy to say, ‘well, they provided their information,’ it’s not that black and white. To explore this issue of privacy, trust and responsibility, we need to start with the fundamentals.

What is consumer data privacy?

Data privacy is the relationship between the collection and distribution of data. Ethical data privacy requires explicit consent, notice, collection, storage and regulatory obligations.

There are growing concerns around the ability of organisations and governments to collect, store, process, analyse, interpret, consume and act upon data – without invading someone’s privacy.

Why is it so important?

Data privacy is your fundamental right. The protection of your personal information safeguards your dignity and autonomy. There are multiple harmful effects of profiling and behavioural advertising. These include loss of trust in the digital economy, reduced freedom of expression, fraud, manipulation and discrimination.

“While providing information about yourself to these platforms can be helpful in terms of personalising user experiences, it can also be weaponised. Such as in cases of election manipulation through targeted ads,” explains Hugo O’Connor, Senior Engineer at CSIRO’s Data61.

“In these cases, a person’s autonomy is essentially removed, and they’re manipulated by their own personal data. This is why it’s so important to be aware of how your data is collected and could be used in future.”

What could my data be used for?

The short answer is that no one except the organisations sharing, selling, and using your information know.

“These apps and these platforms might be monetising user dating app data without the user even knowing,” says Dr Dali Kaafar, Leader of CSIRO’s Data61’s Information Security and Privacy Group.

“And there’s no way for individuals to track exactly who is using their data and how. Some people might be okay to give away their data.

“But those same people might not be okay for their data to be used for that purpose. For example, the Cambridge Analytica political advertising scandal.”

How have dating apps been violating my data privacy?

Testing by the Norwegian Consumer Council (NCC) this year found that Grindr passes GPS coordinates to eight different companies.

Other apps have also been known to share sensitive personal information with various companies, and provide details about the user’s hardware to a mobile marketing platforms for their use.

Both OkCupid and Tinder disclose GPS coordinates, and reserve the right to share data with other companies that come under the umbrella of its parent company, Match Group.

NCC report: Out of Control states:

“This means that dating app data collected through Tinder may be shared with OkCupid and vice versa.”

“The apps may also share data with Match.com, PlentyOfFish, and other Match Group brands, which includes at least 45 dating related businesses.”

“This means that, according to the privacy policy, a Tinder-user could have their personal data used by PlentyOfFish, even if they never used that service.”

According to Dr Kaafar, this violation of consumer privacy is even more unethical because of the nature of dating apps.

“People would be thinking that the more data I provide this app with, the better the possibility of matching with someone would be,” he said.

“It’s really vicious from that side of things, as the concept of ‘utility’ has been transformed into ‘functionality’.”

What’s the solution?

It’s the responsibility of both users and platforms to take precautionary measures around data.

“Organisations need to re-evaluate what they need data for, and ensure they are only collecting what they need for the service or app to function,” says O’Connor.

An example of this would be when Tinder directed potential matches towards an individual’s Instagram account, putting that person at risk of becoming more identifiable and at risk of malicious activity, such as stalking.

These platforms also need to improve how user consent is given. Lengthy ‘Terms and Conditions’ agreements often discourage people from finding out what they’re really signing up for.

“Organisations need to be short, sharp and snappy on what users are consenting to. They should provide a receipt of what they’ve agreed to, and should provide an avenue to rescind consent,” says O’Connor.

Data 61 is currently working on techniques that can combat the issue of how, what and who is being used.

“We’re developing a new form of encryption. It will ensure whenever a person’s data is being used by a third-party entity, the first party (the person who provided the information) would be alerted,” he explains.

“So, this creates some sort of chain of trust which is known to the original entity and the subsequent entities that are using the data.”

“It’s very difficult to come to a true solution that ensures trustability. But we’re helping in making this possible.”

How to protect your privacy on dating apps