The Federal Trade Commission has taken enforcement action against OkCupid and its affiliate Match Group Americas, alleging the dating platform misled users about how their personal data was handled.

In a federal complaint, the agency said OkCupid shared sensitive user information—including photos and geolocation data—with an unrelated third party, despite promising users it would not do so without notice or an opportunity to opt out.

What the FTC alleges

According to the complaint, OkCupid’s privacy policy assured users their personal information would only be shared under limited circumstances, such as with service providers or affiliated companies—and only after notifying users and offering opt-out choices.

But regulators say those promises were broken.

The FTC alleges OkCupid provided a third party with access to nearly three million user photos, along with location and other personal data. The third party, which had no formal business relationship with OkCupid, reportedly sought the data because OkCupid’s founders were financial investors.

Critically, the agency says OkCupid:

• Did not inform users about the data sharing

• Did not offer an opt-out

• Imposed no contractual limits on how the data could be used

Alleged concealment

The complaint also accuses OkCupid and Match of attempting to conceal the data-sharing arrangement.

After a news report surfaced about the third party’s access to large OkCupid datasets, the company allegedly denied involvement publicly and to users. The FTC further claims the companies took steps to obstruct the agency’s investigation, which ultimately required enforcement of a Civil Investigative Demand in federal court.

“The FTC enforces the privacy promises that companies make,” said Christopher Mufarrige, director of the agency’s Bureau of Consumer Protection. “We will investigate—and where appropriate, take action—against companies that fail to follow through.”

Settlement terms

Under the proposed settlement, OkCupid and Match are permanently prohibited from misrepresenting how they:

• Collect, use, share, or protect personal data

• Disclose the purposes of data collection

• Provide or describe privacy controls and user choices

The order also bars the companies from misleading consumers about how they comply with applicable privacy laws.

The Commission approved the action in a 2–0 vote, and the complaint and proposed order were filed in federal court in Texas.

Why it matters

The case underscores increasing regulatory pressure on platforms that handle highly sensitive user data—especially dating apps, where information can include intimate photos, location history, and personal preferences.

Privacy advocates have long warned that gaps between stated policies and actual data practices can expose users to significant risks, including misuse of images, profiling, and unauthorized tracking.

What this means

• Privacy policies matter legally: Companies can face enforcement if real-world practices diverge from written promises.

• Sensitive data raises stakes: Photos and location data are among the most closely scrutinized categories.

• Investor ties can create risk: Sharing data with entities tied to insiders—without disclosure—can trigger regulatory action.

What the research says

Studies in digital privacy and consumer behavior consistently find that users rely heavily on stated privacy policies, even though they often do not read them in detail. When those policies are violated, trust declines sharply—and users may underestimate how widely their data can be shared once disclosed.

Research also shows that location data and images are among the most sensitive data types, with potential for misuse ranging from identity inference to physical safety risks.

Affordability Watch (data privacy edition)

While this case does not involve direct financial harm, privacy failures can carry indirect consumer costs:

• Identity theft or fraud linked to exposed personal data

• Reputational harm from misuse of photos

• Increased need for monitoring services or legal recourse

As regulators ramp up enforcement, companies may also pass along compliance costs—raising questions about how privacy protections intersect with pricing in digital services.