The Irish Data Protection Commission has begun an enquiry into data processing that is being managed in the European Union by online dating service Tinder and the processing of location information by Google.
Similar to in other EU member states, citizens of Ireland have registered complaints to the DPC in relation to the data processing activity of Tinder’s parent company, MTCH technology Services. It has been claimed that Tinder violating the General Data Protection Regulation due to the manner that the company handles data processing and how it complies with its legal responsibility for managing data requests from subscribers. A DPC spokesperson said: “The inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests.”
An MTCH representative responded saying: “Transparency and protecting our users’ personal data is of utmost importance to us. We are fully cooperating with the Data Protection Commission, and will continue to abide by GDPR and all applicable laws.”
This investigation comes as other EU Member states have initiated investigations into the data processing at MTCH. In Norway there have been claims made against Tinder and OKCupid while an official inquiry has begun into the workings at Grindr.
The DPC said: “The inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.”
responding to the news Google issued a statement that said: “We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe. In the last year, we have made a number of product changes to improve the level of user transparency and control over location data.”
If either of these companies is found to be in breach of GDPR then they could be faced with financial penalty of €20m or 4% of annual global revenue for the previous financial year, whichever figure is greater.