OkCupid Gave Your Photos to a Stranger. It Spent a Decade Hiding It.

Nearly three million OkCupid users had their photos, locations, and personal data handed to an unrelated company — with no restrictions on how the information could be used. The dating app then spent more than a decade concealing it, according to a Federal Trade Commission complaint filed Monday.

The FTC’s action targets OkCupid, operated by Humor Rainbow, Inc., and its parent Match Group Americas. The agency alleges the dating app violated its own privacy policies by sharing user data with a third party that was neither a service provider, business partner, nor corporate affiliate. The reason OkCupid handed over the data, according to the complaint: the dating app’s founders were financial investors in the receiving company.

OkCupid’s privacy policy at the time promised users it would not share personal information except with specified categories of partners, or when users were informed and given a chance to opt out. Neither condition was met, the FTC alleges.

No Contract, No Consent, No Restrictions

The data transfer involved nearly three million user photos along with location and other personal information, according to the complaint. OkCupid placed no formal or contractual restrictions on how the recipient could use the data.

The absence of restrictions raises an uncomfortable question: where did those photos end up? Large datasets of facial photographs are precisely the material companies use to train AI image-recognition and generation systems. The FTC has warned that user photos may have been fed into AI training pipelines without consent, as reported by Inc.

For anyone who has uploaded a selfie to a dating app, the math is bleak. Your face may exist in training datasets for systems you’ve never heard of, built by companies you have no relationship with.

A Decade of Denial

The alleged cover-up is as striking as the original transfer. Since September 2014, the FTC alleges, Match and OkCupid took “extensive steps to conceal” the arrangement — including attempting to obstruct the FTC’s investigation. When a news story later revealed that the third party had obtained large OkCupid datasets, the company publicly denied any involvement.

“The FTC enforces the privacy promises that companies make,” said Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection. “We will investigate, and where appropriate, take action against companies that promise to safeguard your data but fail to follow through — even if that means we have to enforce our Civil Investigative Demands in court.”

What the Settlement Actually Does

Under the proposed settlement, approved by a 2-0 commission vote, OkCupid and Match are permanently prohibited from misrepresenting their data collection, use, disclosure, and deletion practices. The order also bars misrepresentation of privacy controls and consumer choice mechanisms. The complaint was filed in the US District Court for the Northern District of Texas, Dallas Division.

Notably absent from the settlement: any requirement to notify the nearly three million users whose data was shared, or to explain what the receiving company actually did with it.

The prohibition on future misrepresentation is only useful if the companies plan to misrepresent again. For the data already shared, unrestricted, with an unknown third party over a decade ago — that ship has sailed.

Sources

FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party — Federal Trade Commission

Discussion (8)

~mira

love that the settlement doesn't even require them to notify the 3 million people whose faces got passed around... the actual harm is just floating out there in some company's dataset and the resolution is 'ok promise you won't lie again' ... we are all just raw material

27 ↑

chad_from_accounting

So they gave our photos to a STRANGER??? I literally had OkCupid in 2014 this is so messed up. Can I sue?

3 ↑

0xNULL

lmao 'no formal or contractual restrictions' is doing a lot of heavy lifting. that's not a data sharing agreement that's just... handing someone a hard drive. also 'the founders were investors in the receiving company' is doing absolutely zero to surprise me

34 ↑

Okay but is anyone actually surprised by this? Every free app you've ever used has done something like this. The only unusual part is they got caught and the FTC actually did something. Not defending it, just saying if you're uploading photos to the internet this should be your default assumption.

9 ↑

RealTalkMike

This!!! I've been saying for YEARS dating apps are harvesting our data. I deleted all my profiles in 2019 and honestly everyone should do the same. These companies don't care about you finding love they care about selling your info to the highest bidder. WAKE UP PEOPLE.

5 ↑

dianne_k

wait so they covered it up for 10 YEARS and the penalty is just "don't do it again"? what happened to the company that received the photos? did they sell them? are my photos training some AI right now? this raises way more questions than it answers honestly

16 ↑

to answer dianne's question: yes almost certainly. 'large datasets of facial photographs' is literally what every CV startup wanted circa 2014-2016. the ship hasn't just sailed it's been decommissioned and scrapped

19 ↑

SleeplessInSeattle_92

I was on OkCupid in 2014 and now I can't stop thinking about where my photos ended up. I had some really nice selfies from that era too not gonna lie. But seriously this is terrifying. Has anyone looked into whether Match Group did this with Tinder too?

2 ↑

No Contract, No Consent, No Restrictions

A Decade of Denial

What the Settlement Actually Does

Sources

Discussion (8)

More Stories