Are online dating and data privacy an incompatible match?

Dating is certainly fun, but it can be very stressful. What to wear, where to go, what details of your life to share, topics to avoid. These are probably some of the thoughts crossing your mind before a first date. Things got even more messed up in the age of online dating as most of these processes have moved from the offline to the digital world. Right from the very beginning, your privacy is on the line – not just your heart.

You now need to share a photo of yourself alongside an email address or phone number just to enter the dating game. You’re pushed to share as much information about you as possible to find better matches. You need to trust potential partners, the application, and the service provider all at the same time to take good care of your most sensitive data – and, frankly, dating apps aren’t exactly known to be good at it.

“Dating apps claim the more personal data you share, the more likely you are to find love. We have no way of knowing if that’s true. What we do know is that most dating apps fail spectacularly at protecting that information,” concluded Misha Rykov, a researcher at Mozilla – the provider behind one of the best web browsers, Firefox, and VPN service – after carefully reviewing 25 of the most popular dating services around. The verdict: privacy isn’t included for 22 of them.

Ever-long and dubious questionnaires you sometimes cannot even skip, photos and videos of you, religion and political affiliations, race, ethnicity, sexual preferences, and even some health data like HIV status or biometric details. And just like that, researchers found you’re pushed to give away some of your most sensitive data when you sign up for most of these services.

Worst still, this is just what you consciously share. The truth, however, is that there’s more information the companies behind dating services can collect without you probably even realizing it. These details include your geolocation, DMs, and pretty much anything you do on the app.

Sure, service providers need some of this data for functionality purposes. Yet, researchers found that “most dating apps (80%) may share or sell your personal information for advertising.” Take the most popular LGBTQ+ dating app, Grindr, for example, which is currently facing a lawsuit in the UK over illicit HIV data-sharing allegations.

It’s very important to make it clear that privacy is a gender justice issue

The team at Mozilla decided it was time to challenge one of the dating apps failing people’s privacy to do better – maybe other services will follow suit, they thought.

The petition “TELL BUMBLE: Don’t sell or share users’ data without their permission” was launched at the beginning of July, calling for the company to make data sharing and selling with third parties an opt-in option, rather than opt-out.

Now, about four months later, Bumble confirmed it has changed its privacy policy to make it more accessible and “empower our members to understand and control how their data is used,” a company’s spokesperson told me.

While experts at Mozilla are happy to see a more consumer-friendly approach, they still feel that further changes are needed – users are still expected to opt out of data sharing, in fact. Hence, you are still the one in charge of actively taking care of your privacy.

Privacy should be default: the Bumble case

Mozilla did not choose Bumble in a vacuum in the hope of fixing the online dating business. This is not simply because it’s the most popular dating app in the United States, either. The main reason was how the company brands itself – an advocate for gender justice.

“I felt it was very important to make it clear that privacy is a gender justice issue,” Reem Suleiman, US Advocacy Lead at Mozilla, told me. “If Bumble is going to continue to wear this as a badge of honor, then they really need to take the privacy aspect of it seriously.”

Following the overturn of Roe vs Wade, for instance, at least 14 US states have banned abortion altogether while others like Florida, Idaho, and Nebraska have enforced strict restrictions. The information women share online, especially their private reproductive data, is the primary source feeding abortion-based investigations.

Outside the US, being part of the LGBTQ+ community is even considered a crime in some countries, making a potential leak of these details incredibly dangerous.

Invasive data collection is also worrying considering that another research published in July found a security vulnerability in Bumble and other dating apps that allows malicious users to pinpoint the location of their victims down to 2 meters.

“The thing that really rubbed me the wrong way about Bumble was that they were not being clear about what their policy was,” Suleiman told me. She explained that researchers tried to get hold of the Bumble team to get some clarity because even they – the privacy experts – couldn’t understand how users’s data were processed.

After a few months that Mozilla’s requests were allegedly left unanswered, the team decided to go public with the petition on July 2, 2024. Eleven civil societies joined then the fight and put together a more detailed open letter (see tweet below) published on August 8. After that, the coalition kept growing even bigger.

The demands are clear. Clarify “in unambiguous terms” whether or not Bumble sells customer data and, if yes, identify exactly what data the dating service sells and to who, with particular stress on any data brokers. As mentioned earlier, the coalition also demands a strengthened customer consent mechanism to opt-in to the sharing or sale of data, rather than opt-out.

“The idea is that we need to make privacy a standard, especially for services where it’s normal for people to be putting in very sensitive bits of their life,” Suleiman told me, explaining that sometimes pushing the industry to change is faster than wait for legislation. The US, for example, still lacks a comprehensive privacy policy regulating data protection matters like the GDPR in the EU and UK.

Mozilla’s idea was simple – make Bumble understand how privacy is entangled with its mission of promoting gender justice. Make them a role model that other dating apps could follow suit. “We actually had the opinion going into this campaign that we were going to be able to make the changes that we wanted,” said Sulemain.

Bumble indeed reached out to Mozilla straightaway after the campaign went live in July. Sulemain explained the company promised to unveil a more consumer-friendly version of its privacy policy which never arrived. Until now, at least.

On October 3, Bumble launched a new privacy policy which is striking for how accessible is for readers to navigate. You can easily browse between the bits you’re most interested in, with intuitive boxouts highlighting the main takeaways.

“We are, and always have been, dedicated to creating a world where all relationships are healthy and equal. In doing so we recognize that safeguarding our members’ privacy – especially as it relates to sensitive information – is inextricably linked to the pursuit of gender justice,” a Bumble spokesperson told me.

The dating service also told TechRadar it does not sell sensitive personal information like health status, sexual orientation or preferences, political opinions, race, or precise location.

Despite their main demand not being met – data sharing is still on by default, meaning you have to actively opt out from it – experts at Mozilla have positively welcomed the long-awaited changes.

Suleiman said: “The new changes are an important step forward, and we hope the entire dating app industry moves towards better privacy practices given the sensitivity and potential of leaked intimate data to hurt vulnerable communities.”

How to use dating app more privately

As we have seen, Mozilla’s action eventually managed to create a stir in Bumble’s privacy approach and build a more consumer-friendly policy.

The road to dating apps not using your data by default is still long in coming. This means you need to take a more proactive approach in order to minimize the risks and use these services more privately.

Below are the top three privacy tips shared by experts at Mozilla you should keep in mind when using a dating app:

• Treat your dating profile more like your LinkedIn profile. You should always assume that your information, photos, and videos can be accessed by anyone – not just potential partners. Before sharing anything on these apps, ask yourself: am I comfortable with this going public?
• Don’t log in with third-party accounts. I know, it could be way faster to sign in with your Gmail or Instagram accounts. Yet, this means more sharing of your personal information across more platforms as two different services will be linked together. Definitely a big no if you want to preserve your privacy.
• Limit app permissions where possible. This should be the golden rule for any app you download on your device. Go to your device settings and turn off all the permissions the app doesn’t need to function, including your location, address book, and camera roll.

All in all, Sulemain still hopes that one day all these extra steps will become just something of the past. She said: “We much prefer that privacy is the default so that people don’t have to take all those steps. We have so many different accounts and apps to manage that it’s just unreasonable to create such a burden for people.

“The hope is to push the industry to do better and create a sense of competition on privacy.”