The Federal Trade Commission (FTC) is penalizing dating app OKCupid and Match Group Americas for violating their promise to protect their customers’ privacy.
The company secretly shared users’ personal data, including photos and location, with an outside company, violating its own privacy policy. The company’s documentation promises users that it will not share their information except in limited situations or after giving them the chance to opt out.
The FTC just settled with OkCupid and Match Group for secretly handing nearly 3 million users' dating profile photos and location data to Clarifai, a company that builds facial recognition software(!!!).
— Douglas Farrar (@DouglasLFarrar) March 30, 2026
The penalty? A promise not to do it again. pic.twitter.com/o06CdYBC8r
The FTC’s complaint alleges that the third party who received the information received “nearly three million OKCupid user photos as well as location and other information without placing any formal or contractual restrictions on how the information could be used,” according to a press release.
The settlement permanently bars OKCupid and Match from deceiving their customers about how they collect, use, share, or protect people’s data, or about how their privacy policies work.
An FTC official declared, “We will investigate, and where appropriate, take action against companies that promise to safeguard your data but fail to follow through—even if that means we have to enforce our Civil Investigative Demands in court.”
OkCupid Gave 3M Users’ Photos to AI Firm, FTC Sayshttps://t.co/T4bM5fIrme
— Reclaim The Net (@ReclaimTheNetHQ) April 9, 2026
The initial complaint alleged that the owners of the company shared the data in 2014 because they were involved with the other business that received it.
OkCupid was operated by Humor Rainbow, which is part of the larger Match corporate family, which owned several dating apps. The FTC said this made the sharing even more egregious because the company falsely told users it protected their information. Yet, the defendants worked to conceal their actions and even denied involvement in the matter.
These practices are tantamount to deceptive practices under Section Five of the FTC Act because the companies misrepresented how it would use people’s personal information.
Over recent years, the FTC has taken similar actions against other companies that engaged in the same type of conduct. In 2023, it reached a settlement with Amazon’s Ring after discovering that employees had unrestricted access to users’ home camera footage.
The agency also fined Meta, Facebook’s parent company, for repeatedly violating its own 2012 privacy order by sharing user data with third parties like Cambridge Analytica.