The mobile application market is flooded with dating apps: Tinder, OkCupid, Coffee Meets Bagel, Hinge, Bumble, and dozens more. They might make love happen, but they also risk more than just a bad date. The sheer amount of data these apps collect about users is staggering. After the giant Facebook data breach last Friday, it is time for a closer look at the privacy risks and lack of protection for dating app users.
Some areas of the app universe, such as health apps, have begun to be regulated at the state and federal levels due to the highly sensitive nature of the data that is plugged into them. Yet overall the regulation of mobile apps is still the Wild West.
There are usually legal claims available against individuals who share a user’s information without his or her permission. For example, in a California case, there was a whole website dedicated to posting private images of former significant others for extortion. The court convicted the website owner on over 30 counts of unlawfully using private information.
It is much harder to go after the social network itself—yet social networks are the larger threat to our privacy. An individual is limited to misusing the information a user makes available to him or her. The social network not only has the information you make available to it, but also compiles further information about you through algorithms. When one journalist asked the popular dating app Tinder for access to her personal data, she was greeted with an 800-page dossier on her dating interests, past conversations, information from her other social media accounts, and a slew of other personal information.
Naturally, anything related to an individual’s sexuality is highly sensitive and quite embarrassing if released out into the public. Beyond just embarrassment, it can also ruin careers and even lead to suicide. Considering that nearly 50% of people have shared intimate messages or pictures over their phone, that is a huge risk.
More risqué behavior is not even the only or even worst risk—simply entering basic information into a dating app could put someone at risk of a breach of privacy. Popular dating apps such as Tinder first ask about a user’s sexuality, and while that makes it much easier for gay individuals to find dates, it also forces them to be out about their sexuality. Depending on where an individual lives, or whether they are out about their sexuality to friends and family, seeing his or her profile appear as interested in the same sex could put them at risk of exposure, or worse.
Particularly problematic are dating apps that are exclusively for gay people, such as Grindr or Jack’d. Simply having the app confirms that someone is almost certainly not straight. A large number of apps have permissions to see other apps on your phone, and more then 70% of apps send that information to third parties marketers. With the large number of mobile app data breaches—compromising everything from you health information to your next flight—the sheer amount of data collected by dating apps is an accident waiting to happen.
One way to better protect privacy on dating apps in the United States would be to adopt a comprehensive data protection regulation like the European Union. The EU’s General Data Protection Regulation creates more transparency by forcing data collectors to disgorge their collected information to users and allowing users more control over what is stored by online systems. Another strategy would be to create more specific regulations for dating apps specifically, such as those few that already exist for medical apps. Regardless of the exact form, a fusion of legal regulation and increased awareness by users of dating apps is critical to mitigate the vicious social backlash that will inevitably ensue from a dating app data breach.*
*Michael Goodyear is an associate editor on the Michigan Technology Law Review.