In Ireland the Data Protection Commission has become the latest data protection authority in the European Union to instigate an enquiry into the data processing that is being carried out by online dating service Tinder and the processing of location information by Google.
As has occurred in other EU member states, individuals in Ireland have complained to the DPC about how Tinder’s parent company MTCH technology Services Limited processes private personal data. It has been alleged that Tinder is in breach of the General Data Protection Regulation due to the way that the company deals with data processing and how it complies with its legal obligations to deal with data requests from account holders. The DPC released a statement which said: “The inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests.”
In response MTCH issued a release which said: “Transparency and protecting our users’ personal data is of utmost importance to us. We are fully cooperating with the Data Protection Commission, and will continue to abide by GDPR and all applicable laws.”
This move comes as other EU Member states have begun their own inquiries into the workings of MTCH. In Norway there have been allegations against Tinder and OKCupid while an official investigation has been instigated against Grindr.
In relation to the investigation in Google, the DPC said: “The inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.”
A representative for Google said, in response, “We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe. In the last year, we have made a number of product changes to improve the level of user transparency and control over location data.”
If either entity is found guilty of breaching GDPR then they could be faced with financial penalty of €20m or 4% of annual global revenue for the previous financial year, whichever figure is higher.