Matching Dating Apps with Regulation

In the modern dating scene, more and more people define romance by “swipes” and “super likes” as they indicate romantic interest through apps. In 2019, 39 percent of couples in the United States reported that they met online. Furthermore, in 2021, the dating app market made over $5.6 billion in revenue, with Tinder boasting 75 million annual users.

COVID-19 may have contributed to a massive rise in online dating. Match Group, the parent company of popular dating apps such as Tinder and Hinge, reported a 15 percent increase in users in the second quarter of 2020.

Online dating has provided a safe way to meet people amid pandemic lockdowns, but dating apps also allow companies to collect personally identifiable information that users may wish to keep private. Dating apps often prompt users to upload photos and connect sensitive information to their profiles, such as age, phone number, and email addresses. Many users also enable location sharing, and Grindr–an LGBTQ+ focused dating app–even allows users to upload health information such as HIV and vaccination status.

In 2020, the Norwegian Consumer Council found that Tinder, Grindr, and other dating apps sold their users’ personal information to third parties. In addition, in 2018, Grindr admitted to sharing its users’ HIV status information with third-party companies.

Dating apps have also become platforms for online sexual harassment and fraud. According to a research study, 37 percent of users have experienced some form of harassment on these digital platforms, with young women experiencing a disproportionately higher frequency of negative online interactions.

Despite the privacy issues and online harassment that come with dating apps, there is limited federal privacy legislation, and the companies that profit off of these apps experience limited liability for their users’ actions. Section 230 of the Communications Decency Act, for example, shields technology companies from liability when harmful content is posted on their platforms by third parties. Furthermore, the U.S. Federal Trade Commission–the agency responsible for enforcing data privacy violations–has historically failed to issue substantive rules for data protection.

In this week’s Saturday Seminar, we collect scholarship discussing how policymakers can regulate dating apps to enhance data privacy and protect users against online harassment.

• In a forthcoming article in the Boston University Law Review, Danielle Keats Citron of the University of Virginia School of Law argues that Congress should reform Section 230(c)(1) of the Communications Decency Act to include a special duty of care for content platforms protected by a legal shield from liability. This duty of care, Citron contends, applies to intimate privacy violations, cyber stalking, and cyber harassment of platform users. To invoke Section 230(c)(1)’s legal shield, she proposes, platforms would need to show they have taken “reasonable steps to address unlawful uses of its service that clearly create serious harm to others,” even if those efforts failed.
• Despite the harm bad actors cause on dating apps, lawmakers and courts have been reluctant to apply a legal framework to sexual fraud, argues Irina D. Manta of Hofstra University Maurice A. Dean School of Law. In an article published in the Wake Forest Law Review, Manta proposes reducing deception and search costs in the dating marketplace using tools from trademark law. She argues that the same three questions that trigger redress for deceptive terms under trademark law—whether (1) the term is misdescriptive as applied to goods; (2) a person would be likely to believe the misrepresentation; and (3) the misrepresentation materially affects the purchaser’s decision to buy such goods—should apply to instances of sexual fraud. An affirmative answer to any of these questions, Manta contends, should result in legal redress against the defrauder through criminal or tort law.
• In an article published in Crime, Media, Culture: An International Journal, Zahra Stardust and Rosalie Gillett of Queensland University of Technology and Kath Albury of Swinburne University of Technology discuss the harmful ways dating apps share data and argue for greater accountability for these practices. Stardust, Gillett, and Albury explain how dating apps have shared their users’ data with law enforcement to assist with surveillance, targeted policing, and entrapment. Policymakers have taken steps to give users the right to access or delete their own data, they explain, but they argue for greater accountability for companies’ privacy policies. To achieve this increased accountability, they argue, dating apps should be more transparent about how they handle user data and “far more intentional about how they obtain informed and specific consent from their users.”
• In an article published in Law & Social Inquiry, Ari Ezra Waldman of Northeastern University School of Law analyzes how privacy and internet law inadequately protect intimate information disclosed between users over dating apps. On these apps, users often share intimate photos, and there is no intermediary liability if other users on the platform disseminate and use such photos for malicious purposes, Waldman explains. He suggests reforming Section 230 of the Communications Decency Act to help victims of “revenge porn,” or nonconsensual image sharing. Rather than granting dating app platforms broad immunity, Waldman argues, Section 230 could condition immunity on “reasonable efforts to combat unlawful activity,” which would encourage digital platforms to combat the harmful distribution of sensitive images.
• ​​In a paper published in the Conference on Information Systems Applied Research Proceedings, Darren R. Hayes and Christopher Snow of Pace University discuss the privacy risks posed by dating apps. Hayes and Snow explain that dating apps openly access users’ locations in order to match them with other users in their area, but store further data for additional uses. Hayes and Snow argue that Tinder and Bumble access other data-rich apps such as Spotify and Facebook through a process called “deep linking,” allowing the apps to collect personally identifiable information. Grindr allows advertisers to collect user data through cookies and other tracking technologies, they contend. Hayes and Snow argue that this is a privacy issue because the app’s privacy policies do not clearly disclose the extensive and invasive nature of these data-collection practices. Thus, they propose that regulators enforcing the General Data Protection Regulation more closely monitor the data collection practiced by mobile app developers, as the focus of the regulation thus far centers on traditional websites. Further, they recommend that dating applications encrypt the user’s device data and data entered into their servers so that personally identifiable information is not taken by third parties.
• In a paper published in the Information & Communications Technology Law Journal, Cameron Giles of London Southbank University School of Law and Social Sciences, Chris Ashford of Northumbria University School of Law, and Kevin J. Brown of Queen’s University Belfast School of Law explore the online safety issues gay, queer, and bisexual men face on same-sex male dating apps. Giles, Ashford, and Brown discuss users’ concerns over the accuracy of information being shared by potential partners, ranging from “white lies” to blatant misrepresentation. They argue that modern dating applications lack proper identity verification measures, leaving it to users to balance providing enough information to foster trust with protecting their privacy and reputational concerns. They note that although app-enforced identity verification could be a solution, it would force users to provide personally identifiable data in a space where they are sharing intimate photos, raising concerns of reputational harm. Accordingly, Giles, Ashford, and Brown advocate tailored, app-specific regulation, as the issues unique to same-sex male dating apps require legislation different from other dating applications.