Dating App Privacy Lawsuits | Facial Recognition Data Sharing

The Lyon Firm is investigating numerous dating app privacy lawsuits that have been filed around the country. Several companies have been accused of collecting and storing facial geometry using facial recognition technology without proper user consent. 

Our legal team has experience in filing a range of class action data sharing lawsuits on behalf of plaintiffs nationwide. We believe very strongly that any company who collects and stores your data has a duty to keep it private, and should not sell or share it without consumer consent.

If you have reason to believe a dating app shared or sold your personal information without your consent, you should contact and attorney and learn more about filing a Class Action Dating App Privacy Lawsuit.

Dating Apps Unlawfully Collecting Facial Recognition Data

Our lawyers would like to hear from residents of California, Texas or Illinois who have used Bumble, Hinge, OkCupid, Tinder or another dating app and had to upload a video or photo selfie to verify that they were the person in their photos. According to some previous dating app data privacy lawsuits, attorneys believe the dating apps violated the Biometric Information Privacy Act (BIPA) by collecting and storing consumers’ facial geometries without obtaining proper consent.

Hinge, OkCupid and Tinder, all owned by Match Group, have added an “identity verification” feature that promts users to upload a selfie to confirm that they are a real person. The uploaded selfie then undergoes a “3D Face Authentication” process in which facial recognition technology is used to extract the user’s facial geometry.

Facial geometry is in a category of personal information called “biometric identifiers” that are covered under the CCPA and BIPA. Both the CCPA and BIPA specify that before a company can collect and store biometric information, they must first inform them in writing that their information is being collected and stored. By law, they must also state the length of time for which the data will be collected, stored and used. The company is meant to schedule when the user data will be destroyed.

The companies who own dating apps have been targeted in data misuse class actions and face huge damages under California and Illinois biometric data collection law.

Match was previously sued by others under BIPA. The case said the defendant violated biometric facial recognition privacy law by improperly scanning the faces of user who upload their photos to verify their Tinder profiles.

What Happened at Grindr?

The Lyon Firm is reviewing ongoing litigation overseas surrounding reports that Grindr, a popular gay dating app, has allegedly been sharing the HIV status and other sensitive personal information of users with advertising companies. Our data privacy lawyers are investigating similar reports of illegal data sharing in the United States by Grindr and other dating app companies.

Grindr has been sued in London for allegedly sharing personal information with advertising companies without users’ prior consent. A plaintiff claims that the data sharing violation included the sharing of individual HIV status, test dates, ethnicity and sexual orientation.

According to the filed dating app privacy lawsuit, Grindr allegedly shared the personal data with “adtech” companies Localytics and Apptimize. There is supposedly evidence that they may have supplied the companies with user data before April 2018 and also between May 2018 and April 2020. When these rumors of Grindr data sharing first broke in 2018, Grindr admitted it had shared HIV data with Apptimize and Localytics, and said it would end the practice.

A separate report from The Wall Street Journal in 2022 indicated that Grindr sold precise location data on Grindr users. In a related matter, Norway’s data protection agency fined Grindr $6 million in 2021 for violating the EU’s General Data Protection Regulation. The agency said Grindr had illegally shared “personal data with third parties for marketing purposes.”

Grindr was one of the first social apps for gay men when it launched in 2009, and has become the largest and most popular gay mobile app in the world. Unfortunately, the company now has a history of sharing sensitive user data. The Wall Street Journal discovered that precise user location data was collected from the online ad network MoPub and put on sale through its partner company UberMedia.

The company says it stopped the practice when it limited location data collection in 2020, but it’s possible that information might still be available. One former employee speaking to the Journal claimed Grindr initially didn’t believe sharing location data with marketers posed privacy issues.

Understanding Dating App Privacy Violations

The problem, as many individuals see it, is that the company sold or shared sensitive information to third parties it doesn’t control. When a consumer shares their information with one company, there is a reasonable expectation that the provided data will be somewhat protected and not shared with the world. Users may be willing to make their HIV statuses and other personal information public, but that is their  prerogative, not that of a corporation.

First uncovered in 2018, the fact that Grindr was sharing information and giving ad companies an extensive range of data is now considered old news for some. But there is still reason for concern, not only for users of that particular app but for other dating apps. Dating App data sharing and privacy violations have been reported by other whistleblowers and plaintiffs in the past.

In another dating app privacy lawsuit, Bumble Inc., Buzz Holdings, was recently sued for allegedly violating Illinois Biometric Information Privacy Act (BIPA) privacy law by collecting and storing users’ facial geometries without obtaining proper consent. Under BIPA’s requirements, consumers may be entitled to as much as $5,000 per privacy violation. Plaintiffs claim that Bumble may have collected users’ biometric data through the photo verification feature without complying with state law.

A different lawsuit has been filed against Match Group, which owns the dating apps OkCupid and Tinder, for possibly violating the BIPA by unlawfully collecting, storing, and disseminating facial geometry data without customer consent and without proper safeguards in place to protect consumers. The complaint alleges Match operated without a publicly available retention policy and disclosed  customer biometric data to third parties without consent or authorization.

The Federal Trade Commission (FTC) has investigated Match for possible data misuse and whether OkCupid improperly shared photos with a facial recognition business. The dating apps, are not the only companies accused of taking advantage of consumers with biometric facial recognition violations. Facebook settled a lawsuit with plaintiffs who claimed the company “illegally collected and stored biometric data of millions of users without their consent.” The complaint alleged that Facebook violated BIPA through the “tag suggestions” feature and Meta developed “a face template using facial recognition technology without consent.”

Dating App Facial Recognition Privacy

Companies have been free to take consumer data for many years while most emerging privacy laws are inexplicably stymied in congress. But legal action is an option for individuals who believe companies invade their privacy. The number of biometric privacy class actions continues to soar, with dating app privacy lawsuits and other biometric data cases that involve facial geometry or facial recognition technology.

The Illinois Biometric Information Privacy Act is the most cited biometric law in the United States, as it regulates the collection and storage of retina scans, iris scans, fingerprints, palm prints, voice recognition, facial-geometry recognition, DNA recognition, gait recognition, and scent recognition.

Because of its comprehensive coverage and stringent interpretation of consumer data privacy rights, many dating app class actions and facial recognition privacy cases have been filed in Illinois. Other states, however, are catching up in the biometric data rights arena.

In Texas a law states that a “person may not capture a biometric identifier” without a prior consent, may not sell biometric date without consent or unless allowed by law, must use reasonable care in storing it, and “shall destroy the biometric identifier within a reasonable time.” Washington and New York have similar protections.

The California Consumer Privacy Act (CCPA) also regulates the collection and storage of biometric data and facial recognition data, making it possible for plaintiffs to file class action dating app privacy lawsuits.

Plaintiffs across the country have been filing dating app privacy complaints and have argued that companies regularly violate data sharing regulations. The Lyon Firm is investigating new data misuse and unlawful data brokering claims on behalf of individuals in all fifty states. We have the resources and the experience to build a strong case, hold negligent companies accountable and seek rightful compensation.