Tinder and Match Group Sued Over Biometric Data
Contributed by: kellyseal on Monday, December 12 2022 @ 09:21 am
Last modified on Monday, December 12 2022 @ 09:38 am
An Illinois Court will hear a case against Match Group’s Tinder app over how it collects and stores the biometric data of its users.
According to Global Dating Insights[*1] , the way Tinder stores sensitive data such as physical characteristics and body measurements violate the state’s Biometric Information Privacy Act (BIPA). Tinder (and parent company Match Group) failed to gather signed consent from Illinois users before retaining facial scans. This data is collected as part of Tinder’s photo verification feature, a new safety measure launched by the company to help reduce fake profiles and potential scammers on the app.
Illinois has specific regulations regarding not only the storage of the biometric data, but also disclosing information to the user about how that data will be handled and managed. Specifically, the plaintiffs allege that Tinder’s process poses a security risk because of what might happen if the data were to be obtained by hackers. As Global Dating Insights points out, biometric data is extremely sensitive data as it is a permanent identifier of the user, as opposed to passwords which can be changed.
The complaint states that the app introduced a two-step photo verification process in 2020, whereby users can obtain a blue checkmark “validation” that their selfie matches the photos that they post to their profiles. Tinder’s verification process involves a “liveness check” according to the lawsuit language mentioned by ClassAction.org, and scans the user’s face to determine if a “real, live person took the video, and that it was not digitally altered or manipulated,” according to ClassAction.org[*2] . Tinder uses a facial recognition AI technology to do this.
According to the lawsuit, Tinder also fails to provide users with a time period for storing and destroying the data, which is also required by BIPA.
“[The] BIPA provides individuals with a private right of action, protecting their right to privacy regarding their biometrics as well as protecting their rights to know the precise nature for which their biometrics are used and how they are being stored and ultimately destroyed,” the lawsuit says.
A group of Illinois residents has filed the lawsuit and are looking for statutory damages as well as more enforcement of apps that store biometric data in accordance with the state law. The lawsuit represents any resident who has “directly or indirectly” used Tinder’s verification feature and potentially had biometric data stored and/or obtained by the app.