The Data Protection Commission in Ireland, the country’s lead GDPR regulator, has launched investigations into the data processing and data retention practices of Google and the Tinder dating app after concerns were raised about ongoing, unlawful processing of personal data. The Irish DPC is investigating the firms as both have their European headquarters in Dublin.
The investigation into Google concerns the use of location data to provide services to consumers. Complaints have been received from consumer organizations across Europe calling for Google to be investigated over a lack of transparency about its location data processing activities, which potentially violates GDPR transparency rules.
“The DPC has commenced an own-volition Statutory Inquiry, with respect to Google Ireland Limited, pursuant to Section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR,” explained the Irish DPC on its website. The investigation will attempt to determine whether Google has a valid legal basis for processing users’ location data and whether Google Ireland is meeting its obligations under GDPR with regard to transparency.
“People should be able to understand and control how companies like Google use location data to provide services to them,” explained Google Ireland in response to the announcement about the investigation. “We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe.” Google also confirmed that in the past year several changes have been made to improve transparency and give users greater control over the use of their location data.
The second investigation has been launched into Tinder after complaints were received from consumer groups in Ireland and other EU countries suggesting MTCH Technology Services, which operates Tinder, was not fully complying with data requests from app users and an alleged lack of transparency about ongoing data processing.
“Transparency and protecting our users’ personal data is of utmost importance to us,” said a spokesperson for MTCH Technology Services. “We are fully cooperating with the Data Protection Commission, and will continue to abide by GDPR and all applicable laws.”
The Tinder investigation follows a recent report from the Norwegian Consumer Council which accused Tinder, OKCupid, and Grindr of unlawfully spreading sensitive information of dating app users, such as information about their sexuality, GPS location, and other personal information.