Trust and why dating apps need to use Self-Sovereign Identity technology

January 19, 2020
Louisa Bartoszek

2030 Group's Louisa Bartoszek explores the recent data controversy surrounding the relationship between the online advertising industry and dating apps and how Self-Sovereign Identity could protect consumers.

Online dating is mostly a lot of fun. And largely, free. But is it really? Are people secretly paying by giving away their private personal data? Do they even know the extent of how their personal dating profiles are being monetised?

A study this week from the Norwegian Consumer Counsel (NCC) implies the online advertising industry is allegedly exploiting dating apps through collecting personal data submitted by users. It states that the online advertising industry is “systematically breaking the law’ transmitting personal data and tracking users in ways that are banned under the European Union’s data law, known as GDPR.

The study tracked the activity of 10 popular apps during the period June to November 2019 in order to identify howpersonal data is transmitted from these apps to commercial third parties. Grindr has come under fire for the most criticism – specifically its links toTwitter’s MoPub, AT&T’s AppNexus, OpenX, AdColony and Smaato – for sharing personal data without sufficient consent.

Privacy-wise, the study says Grindr encourages users to read the privacy policy from MoPub; meanwhile, MoPub's privacy policy recommends that consumers read the privacy policies of the company's 160 partners in order to understand how their personal data may be used.

Twitter took swift action and suspended Grindr from its ad platform on January 15, 2020, saying it would “investigate allegations and assess Grindr’s consent mechanism”.

GDPR and the issue of consent

I think things are likely to get a little messy. That’s a lot of companies and with the responsibility on the consumer to manage it. Is this in the spirit of GDPR regulation? It will be interesting to see how the authorities react to the legal complaints being filed. If found in breach of GDPR, the companies could face fines of up to 4% of their global revenue.

The issue of ‘consent’ continues to be an issue for all companies who request and hold data on people who use apps.

The largest issue, as I see it, is that there continues to be an emphasis on pushing responsibility onto the consumer to understand a company’s privacy policy. Which is more often than not, heavy legalese. Dense and confusing. Most consumers just tick yes and don’t realise what they have said yes to.

Identity privacy ‘v’ identity trust

So, what if you wanted to protect your identity on dating apps from data sharing and analysis practices?

If you put your privacy first, it makes online dating virtually impossible, as trust in people being truthful online is vital. Daters need information on their possible partner, visual and factual, to determine whether they might be a match or not.

Otherwise, it is like daters putting their hand into the hat and drawing out a nameless, faceless, information-less lottery ticket in the hope it ‘could’ be their dream partner.

Let’s get real, that’s not going to work.

Then there is an issue fairly unique to Grindr. Grindr is one of the most popular dating apps for gay and bisexual men. And it’s not the first time the app has hit the headlines for data privacy concerns.

It came to light in April 2018 that the app was sharing user’s HIV status with third parties, along with location data and email addresses, without their knowledge (Grindr has confirmed this action has since stopped).

A severe breach in trust and in this instance, a material danger for many gay people around the world who cannot openly identify as such where homosexuality is still illegal.

Self-Sovereign Identity Solution

In my view, this is another example of an industry which needs to transform its approach to managing identity data, through incorporating Self-Sovereign Identity (SSI) technology into their operational infrastructure.

For example, one of our portfolio companies, IDWorks, has developed a solution which would allow users of the dating app to have direct control and ownership of their profile data. It would allow any dating app to issue verified credentials to all users or users to self-attest identity credentials. These credentials can relate to identity attributes, such as the online dater’s name, age, job, gender, sexual orientation, ethnicity, nationality etc, and can be integrated into existing identity solutions, such as biometrics, for even greater security.

Through this technology, users could set parameters for which data the dating app could see and which data the matches could see. The key however, is that the default setting is one that upholds the user’s privacy. The online dater is in control of their data, not the dating app. The onus would then be on the user to opt-in to sharing credentials with the dating app or with ad-networks – without having to mindlessly click through legalese. No-one should have their data used for anything without their express permission.

Verified credentials would give additional benefits such as increased security and personal safety with online daters, as they will be able to see a secure, verified profile of a potential partner that would be extremely hard to fake, greatly reducing the ability to fake profiles.

Online dating is a contract of digital trust. Data breaches like these erode this trust and can cause substantial reputational and financial damage as a consequence.

This doesn’t have to be the case. Technology exists today which can give daters the confidence to trust the apps they are using. We don’t have to go back in time to a world of only #IRL dating and print ads in the local newspaper.

It’s time for a serious debate about online surveillance practices and put personal data, back into the hands of the consumer.

To learn more about SSI and IDWorks, visit