Facebook ices in-app dating in EU after questions from regulator

Facebook has delayed the rollout of its new dating feature in Europe, following officers from the Irish data regulator having popped by to ask why Facebook hadn’t checked in about it earlier or provided the necessary data privacy paperwork.

The Irish Data Protection Commission (DPC) said on Wednesday that Facebook Ireland hadn’t bothered to contact the DPC about its intention to roll out the new dating feature in the EU until Monday, 3 February. That’s not much time, the DPC said, given that this is the first we’ve heard about it, and given that Facebook planned to roll it out just 10 days later.

We were very concerned that this was the first that we’d heard from Facebook Ireland about this new feature […]. Our concerns were further compounded by the fact that no information/documentation was provided to us on 3 February in relation to the Data Protection Impact Assessment [DPIA] or the decision-making processes that were undertaken by Facebook Ireland.

Facebook first started talking about invading Tinder’s space with a dating feature for meeting non-friends back in May 2018 at its F8 developer conference. Then, it launched the in-app dating feature – called Facebook Dating – in September 2019 in the US, after having previously premiered it in 19 other countries, including Colombia, Canada, and Thailand.

Facebook says that it had, in fact, completed the necessary paperwork and shared it when asked. The BBC quoted a Facebook representative:

It’s really important that we get the launch of Facebook Dating right, so we are taking a bit more time to make sure the product is ready for the European market.

We worked carefully to create strong privacy safeguards and complete the data-processing impact assessment ahead of the proposed launch in Europe, which we shared with the [regulator] when it was requested.

When TechCrunch asked Facebook why, if it’s “really important” to get the launch “right,” it didn’t provide the DPC with the required documentation in advance instead of the regulator having to send agents to Facebook’s offices to get it themselves, Facebook said that the company doesn’t think it’s under obligation to do so:

We’re under no legal obligation to notify the IDPC of product launches. However, as a courtesy to the Office of the Data Protection Commission, who is our lead regulator for data protection in Europe, we proactively informed them of this proposed launch two weeks in advance. We had completed the data processing impact assessment well in advance of the European launch, which we shared with the IDPC when they asked for it.

The General Data Protection Regulation (GDPR) requires a DPIA any time a new project kicks off that’s likely to involve “a high risk” to other people’s personal information, be it through individual profiling or processing of sensitive data on a large scale.

A dating app that ties into Facebook’s cornucopia of personal data certainly falls within that sphere.

Facebook hasn’t given any indication of when the new release date will be for Facebook Dating in the EU.

Latest Naked Security podcast


Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.