Swipe right for data protection

Ryan Carrick

Irish data regulators have launched an inquiry into Tinder and Google’s processing and managing of users’ data.

The Data Protection Commission, in its role as Lead Supervisory Authority for Google, received a number of complaints from various consumer organisations across the EU, in which concerns were raised with regard to Google’s processing of location data.

The issues raised relate to the legality of Google’s processing of location data and the transparency surrounding that processing. The inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.

This inquiry is pursuant to Section 110 of the Data Protection 2018 which states that the Commission may conduct an inquiry into suspected infringement of the relevant enactment. This is in accordance with the cooperation mechanism outlined under Article 60 of the General Data Protection Regulation (GDPR). 

DCU Communications student, Ben Delaney, says he chooses to stay oblivious to the use of his personal information on apps. 

“After it has come out that companies misuse information, I should be more diligent,” he said. “But when I’m using Tinder I’d put up my personal information and location and not really think about it.”

According to a study conducted in 2019 by the Norwegian Consumer Council, dating apps Grindr, OkCupid, and Tinder are allegedly spreading user information like sexual preferences, behavioural data, and precise location to advertising companies in ways that may violate privacy laws.

According to the report, titled “Out of Control”, Tinder’s “privacy policies do not specify which third parties may receive personal data from the apps for advertising or analytics purposes.”

A spokesperson from Google said people should be able to understand and control how companies like Google use location data to provide services to them.

They added: “We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe.

“In the last year, we have made a number of product changes to improve the level of user transparency and control over location data.”

GDPR, which came into effect in 2018, seeks to give users more control of their data and force companies to adhere to stricter rules around processing that information. If a firm is found in violation of GDPR, regulators can impose fines of up to 20 million euros or four per cent of a company’s total global turnover, whichever is higher.

Ryan Carrick

Image Credit: Sonja Tutty