Photo by Prateek Katyal on Unsplash
Facebook’s dating service, Facebook Dating, has decided to delay launching in the EU after the Irish Data Protection Commission (DPC), the national authority for the General Data Protection Regulation (GDPR), expressed concerns with the recent notification of the launch and the failure to provide a Data Protection Impact Assessment (DPIA).
Facebook Ireland only notified the DPC of the launch of Facebook Dating on February 3, only ten days prior to the intended launch date of February 13. Further, under the GDPR, controllers (as defined as “those involved in determining how and why personal data are processed”), are required to provide a DPIA. According to the DPC, a DPIA is required:
When a controller collects, stores, or uses (i.e. ‘processes’) personal data, the individuals whose data are processed are exposed to risks. These risks can range from personal data being stolen or inadvertently released and used by criminals to impersonate the individual, to worry being caused to individuals that their data will be used for unknown purposes. A DPIA describes a process designed to identify risks arising out of the processing of personal data and to minimise these risks as far and as early as possible. DPIAs are important tools for negating risk, and for demonstrating compliance with the GDPR.
Facebook did not provide a DPIA until the DPC visited the Facebook Ireland Offices on February 10. Currently, the DPC is awaiting follow-up responses from Facebook regarding the DPIA collected. When asked by TechCrunch why Facebook did not provide the DPIA in a timely manner, a Facebook spokesperson stated:
We’re under no legal obligation to notify the IDPC of product launches. However, as a courtesy to the Office of the Data Protection Commission, who is our lead regulator for data protection in Europe, we proactively informed them of this proposed launch two weeks in advance. We had completed the data processing impact assessment well in advance of the European launch, which we shared with the IDPC when they asked for it.
Facebook Dating was released in Canada and the US last fall and is an extension of the Facebook app. It’s free and differentiates itself from other dating apps due to the wider range of Facebook users as well as having more extensive data on those users. Facebook Dating finds potential matches by examining the location of the user, their preferences and even whether they have attended the same events as the user. Facebook hopes to adopt a more “dynamic” approach to dating apps with plans to integrate the use of stories as it appears on Instagram.
Privacy is especially a concern for dating app users, specifically because of the intimate data that is shared by users and collected by these companies. Recently, dating apps such as Tinder, Grinder, and OkCupid have been found sharing personal data to advertising partners, which has led to a formal investigation by the DPC on how this data is being handled and if it breaches GDPR.
For more information on Facebook Dating and other privacy concerns regarding dating apps:
- Facebook Dating misses European launch for Valentine’s Day over regulatory dispute
- Facebook Dating launch blocked in Europe after it fails to show privacy workings
- DPC statement on Facebook dating feature
- Guide to Data Protection Impact Assessments
- Tinder may not get you a date. It will get your data
- Grindr, Tinder and OkCupid apps share personal data, group finds
- What is Facebook Dating For?
- Tinder’s handling of user data is now under GDPR probe in Europe
- I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets