On 16 December, the law firm Scott+Scott commenced legal action against Tinder Ireland and Match Group in the Amsterdam district court on behalf of the Take Back Your Privacy Foundation (TBYP).

The lawsuit, brought as a collective action under the Act on the Resolution of Mass Damages in Collective Action (Wet Afwikkeling Massaschade in Collectieve Actie ‒ WAMCA), claims that Tinder has systematically breached data privacy regulations and exploited the sensitive personal information of their users for profit over an extended period.

The lawsuit asserts that Tinder consistently gathers unnecessary sensitive personal information from its users, far exceeding what is required. This includes practices such as geo-tracking during app usage. According to the foundation, Tinder utilizes this information to construct comprehensive profiles of all users, which are subsequently sold to advertisers. TBYP contends that this conduct breaches European privacy laws (in particular, the GDPR) and is unethical, deceptive, and potentially hazardous.

According to TBYP, individuals utilize Tinder to seek compatible partners. Consequently, they disclose personal and sensitive information on the platform. This may include uncertainties regarding their sexual orientation, preferences for dating individuals of the same faith, or a desire for casual relationships. Tinder, however, shares this sensitive data with third-party companies.

Users are often unaware of this practice, as Tinder’s information regarding data sharing is intentionally vague, complex, and challenging to locate. Under the GDPR, consent cannot be implied. It must always be given through an opt-in, a declaration, or an active motion so there is no misunderstanding that the data subject has consented to the particular processing.

TBYP demands that Tinder cease all unlawful activities without delay. Additionally, it must eliminate any data acquired unlawfully and compensate its users for the material and non-material damages they have suffered.