What’s Law Got To Do With It: Privacy, Authenticity, AI, and Possibly Romance on Dating Apps

What’s Law Got To Do With It: Privacy, Authenticity, AI, and Possibly Romance on Dating Apps

On June 27, 2023, The George Washington University Law School’s Ethical Tech Initiative hosted an event entitled “What’s Law Got To Do With It: Privacy, Authenticity, AI, and Possibly Romance on Dating Apps.” 

Professor Dawn Nunziato, the Pedas Family Endowed Professor of IP & Technology Law and Co-Director of EthicalTech@GW, moderated the panel. The expert panelists were: 

  • Lakshmi Rengarajan: connectivity expert and co-host of Season Seven of Vox Media’s “Land of the Giants” podcast; and host of The Later Dater Today Podcast. 
  • Lucy Xiong: EthicalTech@GW Inaugural Associate Director and Associate Attorney at Sandler Reiff Lamb Birkenstock & Rosenstein PC;
  • Grant Fergusson: Equal Justice Works Fellow at the Electronic Privacy Information Center (EPIC) and Distinguished Visiting Technologist at EthicalTech@GW; and
  • Tom McBrien: Law Fellow at EPIC.

A summary of the panel discussion follows:

Consumers, governments, and legal experts up until now have yet to meaningfully scrutinize the dating app industry, despite the pervasiveness and widespread usage of dating apps. For many users, privacy and safety is not even a thought before they enter deeply personal information when using such apps in an attempt to form romantic connections. Many dating apps request information including gender, location, sexual orientation, sexual preferences, drinking, drug, and smoking habits, political affiliation, interests, and even health care history, such as HIV status, and users enter such information without considering privacy, safety, and other implications of doing so. 

Panelist Lucy Xiong discussed some of the privacy and safety violations that dating app users have already endured, including Grindr sharing its users’ HIV statuses without their consent, the increase in domestic violence and assaults since the rise of dating apps, and Match.com’s creation of fake profiles to encourage paid subscriptions. Ms. Xiong characterized such violations as “at best reckless, but at worst malicious.”

Two EPIC fellows who served as expert panelists, Grant Fergusson and Tom McBrien, noted that many of these privacy concerns are not unique to dating apps, but are exacerbated with the use of dating apps due to the uniquely personal information that these apps collect. As an example, they discussed how websites and online businesses use cookies, public profiles, and other tools to track their users’ information and behavior, which is frequently sold to third-party marketing agencies or data banks. Although such information is anonymized, often it can be easily de-anonymized and attributed to specific users. 

It is also unclear to what extent dating apps and other online platforms are monitoring and collecting information from users’ private messages and other nonpublic digital spaces. While dating apps often claim that messages between their users are private and secure, some level of content monitoring within “private” messages undoubtedly occurs when dating apps flag content within such messages as abusive or violative of their policies. The type of content moderation that dating apps conduct is unclear, and therefore the effect of any potential discrimination or profiling is also uncertain. 

While the responsibility is frequently left to the dating apps to determine whether the benefit of data collection is worth the risk of exposure, Colorado’s new privacy law requires any business that engages in profiling to conduct data protection assessments, and to identify and weigh the benefits that flow from the processing of personal data against the risks to the rights of consumers. Professor Nunziato observed that the European Union’s Digital Services Act imposes similar requirements for all social media companies to indicate their methods of content moderation and privacy protection. 

According to Mr. Fergusson and Mr. McBrien, user-driven solutions are the only meaningful way to safeguard one’s privacy on dating apps–at least until stronger regulations are in place. Even the more stringent state laws on how online platforms can use and collect user information may be insufficient. Laws like the California Consumer Privacy Act of 2018 (CCPA) require websites to operate on a consent basis, and place the onus on consumers to be diligent about: monitoring how a business collects their information, understanding various privacy practices, and advocating for the deletion or correction of their personal information. 

User-driven solutions that could minimize one’s digital footprint and thus protect one’s privacy include rejecting unnecessary cookies, reading website privacy policies, and limiting the personal information that a user provides online. Mr. Fergusson noted that in some states like California, consumers have a right to be forgotten/right of erasure (similar to that enjoyed by data subjects in the European Union) and can generally: request the removal of personal information collected about them, opt out of having their personal data shared, and require the disclosure of personal information a business collects about them and how it is used and shared, under the California Consumer Privacy Act. However, both Mr. Fergusson and Mr. McBrien noted that data minimization policies are likely to be more successful and protective of personal data. Data minimization is a data privacy policy used throughout European countries requiring companies to only retain personal information that contributes to the service that the companies provide. Such data minimization policies have yet to be enacted in the United States.

These privacy concerns, the panelists note, are often overshadowed by the safety concerns posed by dating apps. Courts have explicitly exempted tech companies (including dating apps) from liability even when such platforms have been used to harm other users. For example, in the 2019 case Herrick v. Grindr, the U.S. Court of Appeals for the Second Circuit interpreted Section 230 of the Communications Decency Act (CDA) to shield Grindr from liability and denied relief for plaintiff Matthew Herrick, who alleged that his ex-boyfriend created fake Grindr profiles with his name, which led to a thousand people harassing Herrick at his work and his home and demanding “fetishistic sex, bondage, role playing, and rape fantasies.” Section 230 of the CDA has been hotly disputed in the courts, with some parties arguing (and the majority of courts, including the Supreme Court holding) that the provision completely immunizes digital platforms from liability when dangerous or criminal content is shared.

In order to increase safety while using dating apps, Ms. Rengarajan recommended using alternative phone numbers that can be generated by apps like Google Voice and WhatsApp when initially contacting other users in order to limit their access to one’s other personal information.

Beyond the privacy and safety concerns, the panelists also discussed how profit structures affect the way dating apps operate and have changed social structures. For example, dating apps are only as valuable as the number of their users: thus, the more users a particular dating app has, the more likely other users of the app will find a compatible match. Ms. Rengarajan pointed out that while dating apps don’t necessarily want users to stay single, users’ value is based on them having multiple iterations or relationships. The systems may be set up to overwhelm users, have them meet a large number of people, and ultimately make users indecisive. 

Ms. Rengarajan discussed how dating apps are also built on the skill of user self-marketing rather than relationship building, making dating culture more transactional than it used to be. Millennials and Gen Z users haven’t had much experience in developing the skill of building and sustaining a relationship. According to Ms. Rengarajan, Gen Z is more interested in human relationships, but they are also the generation that is struggling the most to make those human connections. The sheer number of options presented to a dating app user may make it easier to dismiss a potentially good match too readily. 

Ms. Rengarajan also commented on the change in gender roles as a result of dating apps. She noted that while Bumble was started as a way to empower and protect women, it has shifted the emotional labor of beginning and maintaining a conversation to women as well. This behavior has bled into the other apps, due to high co-usership between the apps. 

The expert panelists made clear that the collection of information and shifting of cultural behaviors resulting from widespread dating app use is an emerging phenomenon that poses important questions for further research: What is AI’s role on dating apps? How can the law regulate dating apps while maintaining their beneficial and innovative qualities? How will dating apps change to address the cultural shifts they have created? How will younger generations adjust in order to build and maintain meaningful relationships? Can regulations help promote safe online relationships? 

These are some of the questions that Ethical Tech hopes to continue to address and discuss this upcoming year. So stay tuned for future Ethical Tech events!