French dating sites spanked for laissez faire data protection
Data watchdog advises eager Gallic singles to say 'Non' to naked selfies
French privacy watchdog CNIL has spanked 13 dating websites for abuses of data protection law.
The large number of users and extreme sensitivity of the data processed led CNIL to put dating sites on its 2014 programme of inspection. Following raids on eight companies that owned the sites, CNIL has ordered them to change their practices regarding the collection and processing of information about their customers.
In its public statement, CNIL said that the sites do not properly inform users of their rights with regard to access, deletion and rectification of data.
Nor do they explain the conditions in which cookies are deposited on their computer.
Some of the companies have also failed to delete “the data of the members who asked to unsubscribe or have not used their account for a long time.” A similar charge has been levelled against the recently hacked American adultery site Ashley Madison.
The 13 sites involved in the CNIL probe are: Meetic (free European dating site), Attractive World (hotties only), Destidyll (international dating site), Easyflirt (promises "100 per cent real" profiles), Rencontre Obèse (for those looking for “fuller figured” ladies), Forcegay (gay dating site – force doesn’t mean what you think it does in English), Mektoube (Muslim dating site), JDream (Jewish dating site), Feujworld (another Jewish dating site), Gauche Rencontre (for political lefties), Adopte Un Mec (a supermarket for women seeking men – 50 per cent off bearded blokes this week, apparently), Celibest (for the east of France only) and Marmite Love (for all food lovers, not just those obsessed with spreadable yeast extract).
“Most sites offer their users highly targeted search options – by social community, ethnic or religious group, by geographic location, physical type, sexual activity or political opinion – but do not get explicit consent of individuals to collect sensitive data,” says CNIL.
It suggests an opt-in box along the following lines: “The information about your political beliefs, religious beliefs and practices, sexual orientations and practices, collected for registration for this dating site, is sensitive information. I agree that these data are processed by the XXX website.”
Rather than proceed directly to sanctions, CNIL has given the companies three months to put their houses in order. If they do not comply within the time limit, fines may follow.
CNIL says it has made its findings public in order to alert the large number of lonely hearts users to the dangers. If the companies sort themselves out, that will also be announced.
As well as publically naming and shaming the sites involved, CNIL published advice to users, such as check that the site uses https, use a pseudonym (duh), use a secure password (double duh) and don’t post sexually explicit selfies to public profiles (triple duh). It also reminds people that they have the right to know what information the wesbsites have stored about them and if they are not happy, they can always take a complaint to CNIL. ®