Irish data watchdog concerned about Tinder’s role as a data controller “with regard to transparency and its compliance with data subject right’s requests”
The Irish Data Protection Commission (DPC) is taking a long hard look at how Tinder owner MTCH Technology Services Limited handles user data — saying it has identified a “number of issues” surrounding Tinder’s data processing.
The investigation is one of two launched this week by the DPC, which said it is also closely examining how Google processes user location data.
“The issues raised within the concerns relate to the legality of Google’s processing of location data and the transparency surrounding that processing,” the DPC stated in its statutory inquiry notice, as Google promised to “cooperate fully”.
Google added in a statement emailed to Computer Business Review: “People should be able to understand and control how companies like Google use location data to provide services to them…. In the last year, we have made a number of product changes to improve the level of user transparency and control over location data.”
Tinder Data Investigation
With regard to the Tinder investigation, the Irish data watchdog said: “A number of issues have been identified from concerns raised by individuals both in Ireland and across the EU. The identified issues pertain to [Tinder’s] ongoing processing of users’ personal data with regard to its processing activities in relation to the Tinder platform, the transparency surrounding the ongoing processing, and the company’s compliance with its obligations with regard to data subject right’s requests.
It added: “As such, the DPC has commenced an own- volition Statutory Inquiry, with respect to MTCH Technology Services Limited, pursuant to section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR.” The Inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests.
Article 60 of GDPR details how authorities should handle complaints.
A MTCH spokesperson told Computer Business Review via an emailed statement that: “Transparency and protecting our users’ personal data is of utmost importance to us. We are fully cooperating with the Data Protection Commission, and will continue to abide by GDPR and all applicable laws.”