Today, the FTC announced an enforcement action against OkCupid (operated by Humor Rainbow, Inc.) and Match Group Americas for allegedly deceiving dating-app users by sharing their personal data — including nearly three million user photos, location data, and demographic information — with an unauthorized third party that had no business relationship with OkCupid. The sharing reportedly occurred because OkCupid’s founders were financial investors in the recipient entity, and the company imposed no contractual restrictions on how the data could be used. The FTC further alleged that OkCupid and Match have taken extensive steps since 2014 to conceal this data sharing, including attempts to obstruct the agency’s investigation and publicly denying involvement with the third party after a news report surfaced the datasets. ftc The complaint was filed in the Northern District of Texas.
Under the proposed settlement (approved 2–0 by the Commission), OkCupid and Match are permanently prohibited from misrepresenting how they collect, use, disclose, or protect personal information, as well as the purpose of that data processing and the function of any privacy controls offered to consumers. Future violations could carry monetary penalties. ftc This case is a sharp reminder for any company handling consumer data — particularly in industries built on sensitive personal information — that the FTC will enforce the privacy commitments you make in your policies, and obstruction of an investigation only increases your exposure. If your privacy policy says you won’t share data outside defined categories, your operational practices need to match, full stop.
If you handle sensitive consumer data, the attorneys at Troutman Amin can help you develop policies and procedures that, if followed, will keep you in compliance with your data privacy obligations.
CIPAWorld 