Data commissioner starts investigations into Google and Tinder

Move follows consumer complaints over how search giant Google processes location data

The Data Protection Commissioner  says it has  received ‘a number of complaints’ from  consumer organisations across the EU regarding how Google  processes  data. Photograph: Getty

The Data Protection Commissioner says it has received ‘a number of complaints’ from consumer organisations across the EU regarding how Google processes data. Photograph: Getty

 

Ireland’s Data Protection Commissioner (DPC) has opened investigations into search giant Google and Tinder, the matchmaking app.

Both investigations relate to how the companies’ process and retain different types of data held on their users.

In a statement the DPC said it was starting the investigation into Google after it became concerned about issues relating to how the company processes location-based data and the transparency measures it employs on the data.

The DPC said it had received “a number of complaints” from various consumer organisations across the EU regarding how the search company treats the data.

“The issues raised within the concerns relate to the legality of Google’s processing of location data and the transparency surrounding that processing,” the DPC said.

Regarding Tinder, the DPC said it launched the inquiry into MTCH Technology Services, the corporate name for Tinder, after “a number of issues” were identified by individuals in Ireland and across the EU.

Helen Dixon, Ireland’s Data Protection Commissioner. Photograph: Cyril Byrne
Helen Dixon, Ireland’s Data Protection Commissioner. Photograph: Cyril Byrne

“The identified issues pertain to… ongoing processing of users’ personal data with regard to its processing activities in relation to the Tinder platform, the transparency surrounding the ongoing processing and the company’s compliance with its obligations with regard to data subject right’s requests”.

A subject request is when an individual consumer asks a company to release the data held on them.

The inquiries will also examine whether either company has a legal basis for processing its users’ personal data.

Both investigations have been started by the DPC under its “own volition” powers, rather than in response to specific complaints, although complaints have been received on both counts.

Under strict European data protection laws, Ireland’s DPC is the lead regulator for both companies as they have their main legal European establishment here and decision making for data processing takes place here.

The DPC plays this role for many of the largest tech companies in the world.

The DPC has been subject to criticism recently from other data protection bodies. Germany’s federal data commissioner last week suggested the DPC was overwhelmed and “insufficiently equipped for its task”.

Helen Dixon, the Data Protection Commissioner, said last year she was disappointed that her office had received just €1.6 million extra in budget allocation, one third of what she had sought.