Irish data regulator investigating Google and Tinder for data processing violations

Tinder search on phone

The Irish Data Protection Commission (DPC) is investigating complaints made about Google and Match Group for alleged GDPR violations.

The DPC said it had received a number of complaints from across the EU, in which concerns were raised with regard to Google's processing of location data.

For Match Group, also known as MTCH Technology Services, the commission said it had been monitoring complaints regarding possible "systemic" data protection issues on its Tinder platform. These issues pertain to the ongoing processing of users personal data and the transparency surrounding it.

"The DPC has commenced an own-volition Statutory Inquiry, with respect to MTCH Technology Services Limited, pursuant to section 110 of the Irish Data Protection 2018 law and in accordance with the cooperation mechanism outlined under Article 60 of the GDPR," the regulator said.

"The Inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users' personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right's (sic) requests."


Building a modern information governance strategy

How to rethink your approach to develop a more modern information governance strategy


IT Pro has approached Match Group for comment.

Google will also face an "own-volition statutory inquiry" that will set out to establish whether the tech giant has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency. These will also fall under section 110 of Ireland's 2018 data protection law and in accordance with the cooperation mechanism outlined under Article 60 of the GDPR.

"We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe," a Google spokesperson told IT Pro. "In the last year, we have made a number of product changes to improve the level of user transparency and control over location data."

What is interesting this time is that the DPC's statement refers expressly to Article 60, according to GDPR specialist lawyer Frank Jennings. This, he told IT Pro, indicates that it wants to take the lead over the investigation, expecting the other EU authorities to fall in line and cooperate.

"For now, while the UK remains part of the EU, the UK Information Commissioner will cooperate too but, with a no-deal Brexit a possibility at the end of the year, the UK will become a 'third country' and will fall outside data fortress Europe and the cooperation regime."

Bobby Hellard

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.