If one recent survey is to be believed, nearly a quarter of Britons use dating apps. A dating app is a smart phone application which typically allows the user to search or “swipe” through other singles – often presented like a never-ending deck of cards. If the user swipes right, this indicates that they ‘like’ the person. When the same person swipes right, this generates a “match” and each individual has the facility to instant message one another, thus enabling – in theory – a romance to blossom. The best known app of this type is Tinder, but it is a model that has been used or varied by several different platforms.
These apps normally work by pulling information from a user’s Facebook to create a dating app profile. A dating app profile is public (in so far as anyone who signs up may come across it) and shows details such as profession, employer, age, sexual orientation, friendship group, favourite music and even current location. Often subscribers will add a “bio” to their profile detailing their interests, what they are looking for and even highly private information such as sexual preferences.
It should come as no surprise therefore that, whilst dating apps can be a convenient way of meeting new people, they can engender all sorts of legal issues..
Misuse of Private Information/ Breach of Confidence (Privacy Claims)
In simple terms, the misuse of private information is a cause of action which derives from our right to privacy under Article 8 of the European Convention on Human Rights. A claim will arise where information over which a claimant has a realistic expectation of privacy is misused. Breach of Confidence is an equitable cause of action which protects confidential information when imparted in a confidential context. These claims are often brought concurrently due to the obvious overlap. “Private“ information and “Confidential” information can cover a wide range of data including personal details, correspondence and images. A person who shares such data without consent could be liable for Misuse of Private information and/or Breach of Confidence.
To give an example of how a claim might arise, imagine Josh and Sarah have “matched” on Tinder. A conversation ensues but soon Josh offends Sarah with his views. Sarah is outraged and decides to screenshot the conversation (the content of which includes identifiable characteristics) and share it on a public blog and on Facebook. Innocuous as it may sound to many, this could give rise to a privacy claim against Sarah.
Under The Protection from Harassment Act 1997 (PHA), harassment is defined as a course of conduct which they know or ought to know amounts to harassment. It is normally conduct which “causes a person alarm or distress”. Harassment can be committed by publication (whether to the world or by message to one person). The PHA allows victims of harassment to bring a civil claim for damages and injunction. It also makes harassment a criminal offence.
In the context of dating apps, imagine Fred and Ellie match on “Bumble”, another commonly used dating app. Ellie messages Fred but Fred doesn’t respond. Frustrated, Ellie starts to send Fred a series of abusive and threatening messages which make Fred feel distressed. Fred could potentially sue Ellie for harassment or make a complaint to the police.
Of course the harassment may not occur on the dating app itself, often subscribers will be able to locate individuals on Facebook, Twitter or LinkedIn using the details on their profile. Often users are too trusting of people they have never met and voluntarily disclose contact details or other personal information.
Data Protection Act 1998 (“DPA”)
Whilst the link between dating apps and data protection may not be obvious one, it is possible for a DPA claim to arise from two parties corresponding over a private medium such as a dating app. Under the DPA, any “data controller” must comply with the data protection principles, one of which states that data must be processed in accordance with the purpose for which it was provided.
A person receiving information on a dating app can be a “data controller” for the purposes of the DPA. The DPA provides an exception for domestic and social purposes, however guidance from the ICO makes it clear that activity can extend beyond the exemption. For instance, Guy and James match on “Grindr” and start exchanging messages. Guy and James decide to meet up and Guy asks James for his address and telephone number and James acquiesces. They meet up, but after a short relationship, fall out. Guy then publishes inaccurate and unpleasant information about James on a forum together with his telephone number and address. Guy is the data controller in this situation. Clearly James did not wish for his address to be shared with third parties and this was not his intention when he sent Guy his details. James may be able to bring a DPA claim for compensation and an injunction, asserting that Guy has breached the Data Protection Principles.
How to protect yourself on dating apps
Virtual dating can be hazardous. The ease of swiping and messaging on a smartphone can create a sense of detachment that can cause carelessness. Extremely sensitive personal data can be shared too readily with strangers. This can result not only in distressing privacy breaches, but worse still harassment/stalking and/or fraud.
When creating a dating app profile it should be borne in mind that your profile effectively enters the public domain. It is not uncommon to find a co-worker, ex- partner, business associate or family member when “swiping”. The algorithms that underpin these apps often make this more likely. Furthermore, there is no guarantee that digital data will remain amongst fellow members.