The time period from October to February of the following year is often playfully referred to as “cuffing season.” It’s the time of year when the majority of the world tends to display an increased interest in pursuing romantic relationships. With the world going into a complete lockdown in 2020 as a result of Covid-19, dating applications have witnessed a large uptick in sign ups and engagement. So, as cuffing season returns, we want to look at the privacy issues surrounding online dating sites and apps and consider whether we might be getting cuffed to more than just a romantic partner.

Privacy Risks With Online Dating

Online engagement in U.S. adults was already increasing due to the introduction of dating apps such as Hinge, Grindr, Bumble, Tinder, and OkCupid. However, the increase in usage and engagement ballooned at an accelerated rate during the pandemic. The parent company responsible for owning 60% of these dating applications in the market is “Match Group.” During the lockdown, they reported a 15% boost in their new subscribers. Around March-May of 2020, Bumble and OkCupid experienced a 70% and 700% increase in video calls and dates, respectively.

Apps in general tend to collect all types of personal data from all of their users. Dating apps and websites require certain personal data in order to perform their functions. This information may consist of pictures, phone numbers, email addresses, names etc. The data can be traced back to the user, especially when it’s aggregated or mixed with other data. Certain details like a user’s swipe history and geolocation history are collected, kept, and in some cases even shared outside the app. For example, Grindr even lets its users share their HIV status and recent test date.

These online dating platforms end up collecting, processing and sharing data. As a result, security or privacy breach could lead to tangible consequences like blackmailing, identity theft, doxing, revenge porn, reputational and emotional damage among others. This could be a heavy price to pay for a local sex hookup.

These potential consequences especially apply to sensitive content like sexual orientation and explicit pictures. For instance, Grindr admitted to sharing the HIV status of its users with 3rd parties back in 2018. It isn’t difficult to understand the potential negative consequences of this private knowledge being accessible to undesired parties. In 2015 Ashley Madison, the affair dating website, had a highly publicized data breach that exposed users identities and personal information. This event served as a wake up call to some of these companies leading many free sex sites and casual dating apps to bolster their cybersecurity efforts. However, these efforts could often be considered self-serving for these companies as they still have the ability to capitalize and profit off of their users’ data and information.

Privacy Policies In Dating Applications

There is a lack of a comprehensive and uniform law in the United States, which dictates the way companies should collect, store, process, and share the personal data of users. Only half of the states have successfully enacted laws, which require private companies to take certain security measures to protect user data. California happens to be the only one that permits its residents to legally access and delete personal data held by companies. The absence of national privacy is leaving many of us feelings of insufficient protection and increased uncertainties.

The FTC or Federal Trade Commission acts as the main enforcer for violations in data protection, but the authority of the agency happens to be largely limited. The FTC brings cases related to privacy under FTC Act’s section 5, which is about prohibiting businesses from engaging in practices or acts that are deceptive. It applies to a violation of their own privacy policy, failing to give reasonable standards of cybersecurity, and false advertising. FTC stresses the “Notice and Choice” system, which gives dating apps the freedom to set their own privacy policies.

Moreover, the degree of information that these apps possess brings the question of whether the government can legally access them without probable cause. However, the Supreme Court has provided privacy protections against the government to avoid interfering in the life and intimacy of the citizens. What remains unknown is whether future decisions of the court will apply to such constitutional protections towards a newer frontier of these dating apps and sites.

Federal Privacy Legislation & Its Need

A proposed path to resolve all the gaps and uncertainties inside the present privacy legal system is Congress passing new federal legislation. The privacy standards of the nation are imperative in successfully prohibiting businesses from trying to collect and process personal data in a way that could really harm users. It is also important for limiting the amount of personal data that companies control. Legislation could start setting boundaries in the way that companies handle data, irrespective of what account options or settings the user selects.

Many argue that companies should start restricting the system of how they collect, process, and transfer personal data at a minimum to offer a service. Under this attitude it would be expected that online dating companies make it a priority to remove data, which no longer serves a purpose to user functions. Victims of data breaches have asserted that companies should be asked to implement programs of data security for preventing breaches in cybersecurity, including programs of employee training and risk assessments. Many users believe they should be given the option of accessing, correcting, deleting, and requesting their personal data, which the company holds.

Here, such protections tend to mirror the CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation{https://en.wikipedia.org/wiki/General_Data_Protection_Regulation}), which would enable users to locate their personal data that is accumulated by these dating apps and sites. By accessing them, they have the freedom to request their deletion. Also, companies require clearer and better legal standards for improving accountability and algorithmic transparency. It also prevents data processing and sharing. The data may consist of information such as name, age, race, sexual orientation, gender, health, and religion.

As many well know, there is an ongoing conversation surrounding technology, data collection, and online privacy; and it is not an uncomplicated one. Inarguably, technology has provided improvements to our lives. Specifically, technology in the dating space has innovated and revolutionized the way we think about dating and romantic connections. With more people embracing dating sites and apps every day, it will be vital to consider privacy and cybersecurity issues while gearing up for the next cuffing season.

So, when such data is processed and shared, it can potentially lead to these individuals facing discrimination. The laws of anti-discrimination could be violated here, and it may withhold a lot of opportunities from them. Whenever a dating application or website collects demographic data or sensitive info in general about users and shares them with 3rd parties or external marketers, who manage automated decisions or personalized ads or in ways that can cause biased results or outcomes, then they should be held accountable and legally responsible.