GoKawiilAround 3 million user photos from dating app OkCupid were used for AI training by a third-party company in direct contravention of the company’s own privacy policy …
The privacy breach dates back to 2014, but TNW reports that the case was only finally resolved this month, with both the photos and the AI model generated from them being deleted.
The underlying incident began over a decade ago. OkCupid’s founders were investors in Clarifai, and Clarifai’s founder Matthew Zeiler contacted OkCupid co-founder Maxwell Krohn in 2014 to request access to its data. “We’re collecting data now and just realized that OKCupid must have a HUGE amount of awesome data for this,” Zeiler wrote, according to court documents cited by Reuters. OkCupid handed over nearly three million user photos, along with location and demographic data, without any formal agreement, without placing restrictions on how the data could be used, and without notifying users or allowing them to opt out.
Yep, it was apparently that casual. The company’s privacy policy explicitly promised not to share personal data with unconnected third parties.
The Federal Trade Commission opened an investigation in 2019, but it for some reason took until this year to resolve the matter. In addition to deleting the data, OkCupid parent company Match Group has been banned for misrepresenting its data practices for the next 20 years. (Does this mean it will be allowed to lie 21 years from now? Enquiring minds need to know …)
Regrettably, the FTC doesn’t have the authority to issue financial penalties for this type of privacy violation.
Photo by Nik on Unsplash