How does GDPR Affect Online Dating Platforms?

Since it became enforceable on May 25 2018 the European Union’s General Data Protection Regulation (GDPR) has has wide-reaching effects on the data privacy of Internet Browsers as it seeks to ensure that it always remains fully secure.

It is important that you carefully read the terms and conditions of the platform that you are registering for to make sure that none of your private data is being shared without your authorization. Dating platforms are one of the most ideal places for personal data that can be used for marketing purposes can be mined or stolen from as account holders typically complete a full profile including a lot of interests and personal details.

Already there have been instances where some of the larger online dating services have been accused of breaching GDPR. Tinder and Grinder, among other, are currently subject to a review in relation to an allegation that they were illegally personal data with third parties, despite no permission for this being provided by the data subject. The investigation in Ireland is being conducted by the Data Protection Commission. Teh DPC said: “The Inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests”. Read more here: Social Dating App Grindr Accused of Breaching GDPR.

Indeed, there is such massive potential for breaching GDPR in relation to this that the Online Dating Association in the United Kingdom has produced a guideline document. You can read it here. This included a joint document of guideline produced by ICO and the Competition and Markets Authority in the UK.

The main things to remember is that the following must be in place:

  • The account holder must be able to receive a full list of what data is being retained in relation to them.
  • The account holder must be allowed to obtain a list of all third parties which have access to their data.
  • No private data can be shared for any reason, other than the stated original uses agreed to, with the expressed permission of the account holder/data subject
  • Data is is being managed by the dating service must be maintained securely and in line with GDPR Requirements

If these conditions are not in place then the data subject is entitled to report the online dating service to their local data authority. If the online dating company is found to be in breach of GDPR then it may be subject to fines up to €20m or 4% of annual global revenue for the previous 12 months, whichever figure is higher.