Introduction

Few years back, the only mode of connecting via the internet were social media websites, mainly Facebook and WhatsApp. It was considered embarrassing to even admit the existence of an online partner but what is seen now is the virtual world full of online dating and matrimonial apps. The taboo associated with the following has gone and platforms like Occupied, Tinder, Happy, are some of the most downloaded plays tore apps. It has even been found by Proceedings of national academy of sciences that 40% of the new relationships were due to online dating apps. It is good to see modernisation and rising virtual connectivity, but what needs to be cautioned about it are the privacy concerns these platforms carry with them which has now become the new area of interest for privacy and surveillance experts. To understand this, it is crucial to understand the working algorithm of these apps and its related concerns.

Working algorithm

The perfect matching partner needs to be suited according to personal preferences, emotions, sexuality and interests. The computer being only a machine cannot find and interpret human emotions. The only way it undertakes the process is by reading and organising data. Different apps have different ways of collecting data but the base and target of human attractions remains constant. The common way is to ask questions. For instance, if a platform asks “Whether you would like short heighted partner?” and the answer is “yes” then more recommendations of the same trait will be reflected on the profile. “To put it plainly, it is a computer deciding who has more potential to match with you, chooses who you’re seeing/swiping, and who you’re not seeing,” says Liam Barnett in his dating blog. This type of algorithm is sustainable and finds attraction based on mere questions, but the question that lies is: Can an algorithm find the “correct one” and are such findings reliable? Many experts’ opinions on this are that we shouldn’t rely on these findings 100%. Many times, these questionnaire data can be hacked and people can pretend to be different to allure and deceive the other person. This is the case when computer calculations and AI can fail too. Tinder for instance, works on giving its users a desirability score which is not disclosed to general public. Based on this score it finds a matching partner. This score is not only calculated by viewing profile picture or swipes but a complicated system of AI data collection even admitted by CEO of Tinder. If this user-sensitive data is hacked or leaked, all personal information, pictures, preferences can be out in general public posing a great threat to privacy. Besides this, there are many other privacies concerns these apps carry along with them which cannot and should not be ignored.

Collection of sensitive data

The collection of sensitive data will definitely raise questions on its safety. The dating app has access to all the pictures uploaded, sexual orientations, interests mentioned. Bumble in its policies explicitly stated that it uses user’s pictures and may screen them for obscene content. Tinder uses all the information we give them and even takes other information like contacts and connected social media handles. The services users use generate a technical data which Tinder stores for its internal use. The IP Address, usage information, device information all is at mercy of tinder’s storage. Journalist Judith Dupo tail reported in the Guardian that Tinder gave him 800 pages of information when he asked for same which included social media information, texts, pictures and other private content. Recently research was conducted by the Wired which revealed that 845 GB of data in form of photos, chats etc. was leaked from sites like Grindr and Cam4. These apps also share its user information with third party apps and advertisements agencies which copy the URLs to display the target ads. For Instance, a bug in the chat feature on the dating app Jack’d made it possible to view users’ images sent as “private” on the public internet, as reported by Ars Technica last year.

Location

To show users its potential matches, these dating apps require wi-fi access and GPS readings thus tracking its user all time. This can risk individuals’ privacy and daily lives. Tinder, Bumble, Happn and Her require constant geospatial data from their users. Happn explicitly in its privacy policies stated that it uses the user location constantly along with IP addresses and wi-fi codes. If a user allows the app to show their proximity it’s not hard to calculate their position by means of triangulation and spoofing.

Data Transferring

Many online dating apps have been found to share users’ data and personal information without their consent. Many laws don’t allow for sharing of data without consent. For Instance, European Data Protection Law and CCPA prohibit sharing and transferring of data. Okcupid after giving limiting options share the data with its service providers and even engage in cross border transfers.

Data protection laws

Many global federations and countries recently came up with data protection laws and regulations to protect consumers interests and prevent cross-border data sharing. According to United Nations Conference on Trade and development 128 out of 194 countries had put in legislations for data protection and privacy. In Asia and Africa 55% nations adopted legislations out of which 23 were least developed countries. But can a legislation be a panacea for all data privacy issues, especially when it comes to online dating apps? Many reports showed that major data leaks were due to selling of sensitive data to third party companies. Wizcase security teams have recently uncovered breaches in 5 different dating site and app databases. Data leaks were found in U.S.A, Spykx, Yestiki, Blurry and Charincharin. Thus, it is evident that these laws lack effective implementation. Policy makers need to ensure the strong regulation of these laws.  Some of the global legislations are:

• General Data Protection Regulation: In January 2012, EU legislated new law as GDPR. The law requires companies and apps to be transparent of the information they are gathering and enable users to access, control and delete the data. GDPR replaced the previous EU’s legislation of 1995 and now firms are required to notify users of any data breach within 72 hours and have clear user consent. The GDPR offers some of the best solutions to tackle the privacy issues of online dating apps. By accessing all the data, users can get overview of their potential threats and can delete sensitive data like credit card information, location, sexual orientation and profile pictures. GDPR recognizes various posts within the organization for facilitating data protection. It requires mandatory post of Data Protection Officer (DPO). Fines for non-compliance of the same can range from $25 million to 4% of company’s annual revenue. Such legislation act as a deterrent for companies and effectively protects the users’ content. Despite of these regulations and stringency, there are grave violations of data privacy law. Testing conducted by the Norwegian Consumer Council has found that dating apps are funnelling sensitive personal data to advertising companies. The report found that 135 different third-party companies in total were receiving information from these dating apps.
• Indian data protection laws: The joint parliamentary committee on December 16 2021 presented report on the proposed Data Protection Law. The bill is yet to be tabled as a law. The data protection law is inspired from GDPR and goes on same lines to protect users’ interests from threats of online apps. It seeks to protect both personal and non-personal data. The bill also requires reporting within 72 hours in case of data breach. Under the upcoming data protection law, data fiduciaries and processors are required to implement security safeguards that use de-identification, encryption, steps to protection personal data integrity and to prevent misuse, unauthorized access, modification, disclosure or destruction of personal data. This can be a revolutionizing attempt by the Indian government for data protection. If online dating apps are made responsible for protection of data integrity, then the frequency of data breaches and third-party selling is likely to reduce further, lowering down privacy leaks. The same notification was given by Bureau of Indian Standards as IS 17428. Similar provisions were issued by RBI and MHA for regulating apps in case of financial transactions and geo-mapping. Department of Science and Technology issued Guidelines for acquiring and producing geospatial data and services including Maps. This restricted foreign entities from creating or owning, hosting geospatial data more than certain prescribed limits. They are also restricted from conducting terrestrial mobile mapping surveys and street view surveys. Many dating apps are based outside Indian territories; thus, now foreign dating apps cannot use triangulation and geo mapping more than prescribed threshold. These regulations can be best served if implemented effectively.

Conclusion

Dating apps are becoming the modern way of growing connections and building romantic relationships but they are not exclusive of data privacy concerns. Dating apps can themselves do a lot to protect users’ data. Some of the possible ways can be blurring the profile picture of users from unconnected profiles, enabling users to take more control over the collected data and not requiring geo-location services while using the apps. More encryption will be ensured if companies step up their security and users educate themselves better about the data they are sharing.

About the Author

Naman Singla is a student currently pursuing his LL.B. from Rajiv Gandhi National University of Law