Digital matchmaking becomes a vehicle for facial recognition
Check out Keypoint Intelligence’s Cybersecurity page!
Everyone has seen a user agreement when they create a profile for an app or website that collects information. It’s several scrolls of the mouse covering all sorts of legal jargon that most people don’t fully read. Still, there’s reasonable understanding that the data we all provide will be maintained and collected only by the company we’re giving it to…and any information gathered is used in-house or provided to third-parties with our say-so.
In 2014, Match Group Inc. (the parent company of Match.com, OK Cupid, and Tinder) gathered the personal information of their users—including photos and location data—and gifted it to a start-up that the founders of Match Group were early investors in called Clarifai. The issue with this is that the user agreement for all these dating sites/apps did not include any provisions to allow Match Group to use their data in this way (or personally enrich themselves by making sure their investment had enough images to train its solutions on). In addition, Clarifai’s main focus was on facial recognition software—and now they had all these photos to use to train their programs on.
While this is all terrible news and an abuse of user data, the greater concern is that we are only discovering Match Group’s actions now…a full 12 years since they did it. Clarifai is no longer a start-up and has since participated in military projects like Project Maven, which uses artificial intelligence (AI) for surveillance, target acquisition, intelligence gathering, and reconnaissance in a method that many find to be an unethical use of the technology. And the investment that the founders have made have (no doubt) paid off monetarily as Clarifai’s solutions and company grow.
Catfishing Users with Data Privacy
This is not the first time this breach of privacy agreements has happened, and it probably won’t be the last. There have been several high-profile scandals like this most recent finding against Match Group in the past few years:
In early 2014, Meta (then just Facebook) allowed a third-party app to harvest data from over 87 million users and sell it to political consulting firm Cambridge Analytica. The FTC imposed a $5 billion penalty on Facebook for the privacy violations.
In 2017, Vizio settled for a $2.2 million fee after it was discovered that they were collecting and selling user data via a “smart interactivity” setting on their TVs. This information was then used for targeted advertising by other companies.
Data broker Epsilon Data Management was forced to pay $150 million in 2021 after their employees knowingly sold data on 30 million consumers to third-parties that targeted the elderly with fake sweepstakes and predatory schemes.
Also In 2021, the financial tech firm Plaid paid $58 million in a settlement over allegations of harvesting users’ financial data via fake log-in screens and selling their information to third-parties.
Twitter was fined $150 million in 2022 for using account security information provided by two-factor authentication to help advertisers target users.
In 2024, the FCC fined the four largest US wireless carriers (AT&T, Verizon, T-Mobile, Sprint) $200 million for illegally selling access to their customers’ real-time location data without consent.
Also in 2024, the FTC charged the company Response Tree with operating “consent farms” that use deceptive websites to trick users into providing personal data, which is then sold to telemarketers for robocalls.
The biggest surprise out of this most recent scandal is that the FTC isn’t levying any fines against the Match Group. While others in the past have been asked to pay millions of dollars for similar actions, Match Group is only prohibited from misleading others to the extent and purpose for how their businesses collect, maintain, use, disclose, delete, or protect any personal information (e.g., photos or demographic and geolocation data). They are also required to be more transparent about the function of privacy controls they provide consumers through user interfaces, any choices granted to consumers under applicable state privacy laws, or any other mechanisms the companies offer consumers to limit or manage the processing of personal data. That’s it.
Keypoint Intelligence Opinion
It’s hard to put yourself out there online and be vulnerable enough to let strangers learn a little about you in hopes of making a connection. It’s harder when you have to worry if the information you’re providing will be collected and used to sell you products or train an AI model for something you don’t agree with.
It doesn’t help that Match Group is essentially getting away with profiting off of their users with a finger-wag from the FTC and a chastisement of “you really can’t be doing this, you guys…” Without monetary punishment, there’s little discouragement from them or anyone else to engage in similar behavior moving forward. Although, considering how many companies have done something like this since 2017, we might need a new means of stopping private information from becoming a tradeable resource.
There’s a lot of headway being made in age-verification measures, but not a lot is being done to make sure that privacy agreements are being upheld by the companies we trust with our data. We all just hope that the organizations we provide with photos, location data, demographic information, and more are doing what they promise—even though we’ve been proven wrong time and time again. If we are being forced to accept their privacy terms to use their apps and sign up for their services, then there needs to be some reciprocity when they abuse our trust and take our information without our consent. Rather than spending so much time on policing teens online, maybe we should be worrying about everyone’s privacy.
Stay ahead in the ever-evolving print industry by browsing our Report Store for the latest insights. Log in to the InfoCenter to view research and studies through our Workplace- and Production-based Advisory Services. Log in to bliQ for product-level research, reports, and specs. Not a subscriber? Contact us for more information.