Class Action Alleges Match Uses Biometric Data Without Consent
Match Group and its affiliated dating websites collect, analyze and use unique biometric identifiers associated with people’s faces in photos uploaded to their apps and websites without disclosing or acknowledging the collection or requesting consent, alleged plaintiffs in a complaint (docket 1:22-cv-06924) that Match Group removed Friday to U.S. District Court for Northern Illinois in Chicago from Cook County Circuit Court.
Plaintiff Marcus Baker of Chicago says the exact number of class members is unknown, but because Match sites’ apps have been downloaded by more than 82 million individuals, “thousands” of Illinois users are included. There are more than 5,000 Tinder users in Illinois, said the notice of removal.
Dating app users are encouraged to upload photos to Match Group’s apps and websites to increase their chances of finding a potential match, and users are required to upload a photo to complete their account and begin using the app. “Unbeknownst to users,” the dating sites collect, analyze and use biometric identifiers associated with users' faces uploaded to the company's apps and websites, a violation of the Illinois Biometric Information Privacy Act (BIPA), said the complaint.
Defendant OkCupid’s privacy policies say “privacy is a top priority,” but the company “fails to disclose that they collect and use biometric data,” said the complaint. If Baker had known Match Group and other Match dating sites would collect and use his biometric data, he “would not have used their dating apps and websites,” the complaint said.
Citing Business Insider data, the complaint pegged Match Group’s reach with its sites including Hinge, PlentyofFish, Tinder and BLK, at 60% of the dating app market, noting consumers frequently belong to more than one site. It noted that in 2014, Match Group reported 56 million downloads across its dating sites and that in the first three quarters of 2020, its sites were installed 82 million times worldwide.
Match’s actions are an “invasion” of Baker's and class members’ right to privacy and violate BIPA because the sites didn’t (1) inform them that their biometric data was being generated, (2) inform them in writing how their biometric data was being collected and used; (3) provide a retention schedule and guidelines for permanently destroying biometric identifiers, and (4) request or receive a written release to collect the data, said the complaint.
In asking for class-action certification, plaintiff Baker seeks a ruling that Match’s and its affiliates’ actions violate BIPA and that the court award statutory damages of $5,000 and $1,000 for intentional and negligent violation of BIPA laws, plus reasonable litigation expenses and attorneys’ fees. Match didn't comment Monday.