Dating Apps Need a Corporate Digital Responsibility Revamp

New Research Shows Concerning Lack of Transparency by Online Dating Platforms

Luke Patterson, analyst at EthicsGrade, explores…

The level of corporate digital responsibility (CDR) transparency amongst dating platforms is disappointingly substandard for a $4 billion industry fundamentally rooted in digitalisation according to new research from EthicsGrade.

Dating apps are valued for their ability to expose users to potential romantic and sexual partners. Between 2015 and 2021, the usership of dating apps like Tinder, Bumble, and Grindr grew by 100 million; a number that continues to increase year on year. “At EthicsGrade our hope is that, alongside their growing size and influence on peoples’ romantic lives, dating platforms make a concerted effort to improve digital transparency, and therefore trust, by reporting on how their matching algorithms work now, and how they’re looking to improve them in the future.” – Luke Patterson, Research Analyst at EthicsGrade.

EthicsGrade’s latest research shows that industry-wide improvements to privacy and cybersecurity transparency are essential in the dating platform industry. Overall, the transparency of dating platforms in disclosing their cybersecurity processes is minimal. This makes it difficult to assess whether sufficiently robust cybersecurity measures exist at all and given the number of reported dating platform cyberattacks in recent years it’s likely that the answer is that they don’t.

Protecting users must include protecting users’ data

Badoo, the world’s most widely used dating app, has implemented an array of technological measures designed to protect the safety of their users, especially female users, by verifying the identity of profiles to avoid ‘catfishing’. Before signing up, a user is required to upload a photo of themselves and have this verified by a moderator or facial recognition algorithm against a video of them performing a given prompt. Their use of personal data to improve safety, as well as for additional features like their celebrity crush matcher, underscores the importance of protecting personal data by implementing robust privacy and security measures.

EthicsGrade found very little public-facing information on the cybersecurity measures at Badoo, and their privacy policy isn’t designed to be an easy read for a user. Their research eventually identified a statement confirming that Badoo retain identity verification scans for 3 years before the data is securely deleted – but users have no clear option to request early deletion.

“Safety features on a dating app are vital, but safety features which use sensitive personal information must be matched with a robust privacy framework that hands autonomy to the user over the way their personal data is used and stored.”

Dating platforms host data on their sites that most users wouldn’t provide anywhere else

Grindr is one of the few companies with detailed information about its corporate governance structure – the first small step towards sufficient transparency reporting. However, a recurring theme amongst all the dating platforms covered in EthicsGrade’s research is that their privacy and cybersecurity transparency standards do not meet the level one would expect of any company in any industry.

Grindr provides a sexual health section on a user’s profile, which allows them to display their sexual health status, such as their HIV status, and most recent test date. This is a hugely helpful feature, but again highlights just how personal the information is that we’re trusting dating platforms to protect. This, alongside the fact that many of its users live in countries where homosexuality is highly stigmatised and, in many cases, criminalised, evidence just how important it is that their cybersecurity measures demonstrate a gold-standard not just for online dating, but against every industry.

Grindr is currently falling far short of this benchmark.

Grindr fail to offer any detail as to how they are reinforcing their security measures in preparation for increasingly sophisticated cyberattacks enabled by advancements in AI capabilities. Whilst they offer a comprehensive security guide to help users maximise their online and offline safety using the app, this wrongly diverts the locus of responsibility onto the user to protect their personal data. “Individual measures taken by the user to protect their information is the very last line of cyber defence. It must be preceded by comprehensive, regularly externally and internally audited, company cybersecurity processes that are outlined transparently in public facing reports.”

What do Netflix and Dating apps have in common?

Netflix uses collaborative filtering to tailor movie recommendations to a user. For example, if I watch a romcom, I’ll be pooled amongst users who’ve also watched that film and I’ll be recommended films that those users have watched. Dating apps also use collaborative filtering. On a dating app, if I like a user profile who has brown hair, I’ll be pooled amongst users who’ve also liked profiles of users with brown hair and be exposed to other types of profile that they have liked.

The necessity of improved transparency

In its current form, collaborative filtering represents an imperfect, over-simplified, and risky tool for online matchmaking. Our romantic preferences are far more complex and less predictable than our film preferences. However, the more serious problem is that the poor state of transparency reporting in the dating platform industry as a whole means that users are at best largely unaware of the flaws of collaborative filtering, and in many cases unaware that an algorithm is influencing the profiles they’re exposed to at all.

The growth of online dating is very likely to continue and, whilst there remains opaqueness in how seriously online dating platforms take their digital responsibilities, their growing member bases should think twice about entrusting them with their personal information. Any healthy relationship requires trust. Between online dating platforms and a user, this demands a clear, open, and transparent communication of the ways that personal information is protected, and the nature of the algorithms that shape a user’s experience on a dating app.