The UK’s data protection watchdog is to investigate the sale of 10,000 online dating profiles to the BBC’s Panorama programme.
The Information Commissioner's Office (ICO) said the sale of this information could be "a significant breach of data protection principles”, according to the BBC.
The data was sold by Dominican Republic-based website Usdate, and included photos, names, email addresses, dates of birth and details of sexual orientation.
Some of the profiles were genuine and included several academics, a member of the House of Lords and BBC employees.
Most of the people contacted by the BBC said they had never used a dating website, but the man who made the sale, Edgars Apalais, insisted everyone profiled had given their consent for their details to be shared.
Breach of data protection law
Simon Entwisle, director of operations at the ICO, said it is a breach of data protection law if someone sells your information without consent and if the information is inaccurate.
"If you're talking about significant numbers of names, that's a significant breach of the data protection principles potentially," he said.
Coinciding with the Panorama revelations, the ICO has written to four of the biggest UK online dating companies, after a recent survey identified areas where the Data Protection Act is not being followed.
The letter highlights the main areas of concern that the survey found and calls on the companies to respond with details on how they are meeting those concerns.
More on data privacy
- Big data privacy concerns spur research, innovation
- Insider threat: Balancing security with privacy
- Germany calls for new global online privacy charter
- Beyond privacy policies: Practical privacy for websites and mobile apps
- Data privacy and the 'economy of queasy trust'
- NSA surveillance leads to tighter data privacy policies
The areas of concern highlighted include:
- Poor visibility of the terms and conditions that give the website consent to use personal information in certain ways;
- Those terms and conditions making reference to the dating company having "perpetual" or "irrevocable" licence to use members’ data;
- Websites claiming to take no responsibility for the loss of or damage to personal information;
- Users being expected to provide personal details before the terms and conditions are provided.
The letters have been sent to eHarmony, match.com, Cupid, and Global Personals, as well as industry trade body the Association of British Introduction Agencies.
Online dating sites show lax data management
Entwisle said the Panorama programme presents evidence that suggests quite concerning business practices by some dating websites.
“It’s concerning to see that there appear to be sites which, as a matter of course, are falling far short of the legal standards for ensuring information is accurate and up to date,” he said.
However, he said that while the BBC report paints a disturbing picture, the number of complaints the ICO is receiving from the public is not very high.
“That could be because this is only an issue with a small minority of websites, or it could be because people are reluctant to come forward. The work we’re doing now will help us to better understand the scale of the issue,” he said.
Entwisle urged anyone who believes a dating website has misused their data to make a complaint to the ICO.