Data & Privacy
Managing, storing, protecting personal data is integral to dating services. By their very nature these services should have a high regard for data collection, processing and security. There is new and comprehensive legislation in place alongside guidance from the ICO, various trade bodies, legal firms and others. The ODA supplemented this in relation to dating but has done so on a limited basis in light of the high visibility of the law and pre-existing guidance.
New General Data Protection Regulations (GDPR) came into force on 25th May 2018.
Demonstrating good practice in managing personal data is good for customers, prospects and longer term for the industry itself.
We think it particularly important users understand whether the data they provide may be used for other purposes. This is a legal requirement but the need for clarity is reinforced by the occasional complaint that there could be a connection between an individual joining a service and some up-shift in the receipt of marketing “spam” not related to dating services. There may be particular uncertainty with users but also with regulators when dating services are provided free of charge and when the service does not appear to be funding by advertising placements.
As part of a joint exercise with the Competition and Markets Authority the ICO and CMA issued guidance on complying with consumer protection and data protection laws. The CMA guidance is part of our guidance on Honest and Clear Communications. The ICO element of guidance issued to leading operators in the sector in relation to data protection is set out below:
We also recommend companies refer to ICO-approved guidance published by the Direct Marketing Association (DMA) on the issue of user/customer/market automated decision-making and profiling. A copy of the Guide can be found here. There is reference on Page 8 to profiling and automated decision-making as legitimate activities when necessary for the performance of a contract. Further helpful information and guidance can also be found here.
The Information Commissioner’s Office (ICO) issues guidance on compliance with the various elements of the General Data Protection Regulation as well as other data protection and privacy matters.
The guidance sets out what constitutes personal data, how to recognise and respond to subject access requests, the right to request ID, the timeframe in which a response is required and the form that response can take, what to do if someone makes a request on behalf of others, what to do if a data set includes information about other people and the circumstances in which a request might be refused.
The ICO guidance can be accessed in full here.