The Data Protection Commission (DPC) of Ireland has launched new probes under the General Data Protection Regulation (GDPR) into how user data is processed and managed by Tinder and Google.
In its announcement into both probes, which will be conducted separately, the DPC says that concerns have been raised about both companies in Ireland and elsewhere within the EU.
In the announcement of its investigation into Google, the DPC refers to how the company processes location data, saying:
“The issues raised within the concerns relate to the legality of Google’s processing of location data and the transparency surrounding that processing. As such, the DPC has commenced an own-volition Statutory Inquiry, with respect to Google Ireland Limited, pursuant to Section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR. The Inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.”
The DPC’s announcement for the Tinder investigation is less specific and simply mentions MTCH Technology Services Limited’s ongoing processing of personal data on the Tinder dating platform. Back in January, however, the Norwegian Consumer Council (NCC) published a study suggesting that dating apps like Tinder and OkCupid, among others, may be collecting very sensitive personal information and passing it onto third parties for use in targeted advertising. This, according to the NCC, includes information like accurate location data, sexual preferences, and logs of online activity. At the time, the NCC filed complaints with local authorities about possible GDPR violations by some of the apps it studied.
When the GDPR took effect on May 25, 2018, organisations conducting business within the EU became subject to strict new laws on how they collect, store, and manage data collected from users, as well as how they secure it from breaches. This was coupled with new powers to impose much higher fines of 4% of annual worldwide turnover or €20m, whichever is greater. Some 190 penalties and fines have already been issued by various data protection regulators in the EU, mostly for failing to meet requirements for lawful processing and data processing principles.
Both investigations will seek to establish if the respective companies have a valid legal reason for processing the personal data in question and whether, as data controllers, they are meeting their obligations in terms of transparency and complying with requests in line with the rights of data subjects.
The GDPR has brought consequences for many businesses, not just digital service giants like Google and Tinder. While complying with the new regulation may initially seem like a drag, it can actually bring benefits to an organisation, such as enhanced consumer trust and better cybersecurity. It also need not be a huge hassle when you take advantage of the managed IT support services we offer here at Pro-Networks.