Violating Privacy Is Bad Business

Linda Chavez
|
Posted: Jan 08, 2016 12:01 AM
Violating Privacy Is Bad Business
Hooking up online and improving college exam scores wouldn't seem to have much in common, but apparently the nation's largest online dating service company is betting they do. The Match Group of dating sites -- which includes Match.com, Tinder, OkCupid, FriendScout24, PlentyOfFish and Chemistry.com -- spun off in late 2015 from IAC along with two businesses aimed at improving grades and test scores for college-bound students, The Princeton Review and Tutor.com. Obviously, the company hopes that combining the enterprises will enhance what the business world likes to call synergy, in this case access to an expanded pool of customers to generate economic returns greater than the sum of its constituent parts. Nothing wrong with that -- except when the business model may depend on violating the privacy of individuals.

Online dating services accumulate volumes of information on those who sign up to meet prospective partners -- info on income, education, likes, interests, personality traits, physical appearance, you name it. Their success depends on mining this data to market people to one another and to attract new customers. Some services charge hefty monthly fees; others are "free," sort of. The latter make money by selling access to users to advertisers, who can target their ads to meet the demographic characteristics and habits of users. Free sites also usually provide premium access that requires a fee for more personal information or for upping the chances that the customer's profile will reach potential matches.

Anyone who signs up for such services knows that the information he or she provides will be available to many people -- but I'm guessing that most who submit pictures and personal, sometimes intimate, details aren't imagining their data becoming a gold mine for advertisers, much less hackers. Last year's much-covered hack into Ashley Madison, which billed itself as a site for married people to have affairs, shows how vulnerable the online dating sites are to hackers. The breach included the names, addresses and phone numbers of millions of users and was implicated in a handful of suicides, including one by a Baptist pastor and seminary teacher in New Orleans. In its corporate SEC filings, The Match Group admits: "We are frequently under attack by perpetrators of random or targeted malicious technology-related events. ... There can be no assurance that our efforts will prevent significant breaches in our systems or other such events from occurring."

But what about students who sign up for college exam prep courses or tutorial help in passing their chemistry or calculous courses? Do they imagine that enrolling for such services will mean their personal data could provide a gold mine for a company whose major revenue comes from online dating services? Do parents know that when their underage kids enroll for exam prep or tutoring, personal information may be shared with hookup sites that could then target their kids to become customers? I doubt it, and The Match Group makes no guarantee that data sharing among its entities will not include those customers whose sole aim is to improve their grades and test scores.

The privacy of education data has long been a public concern. The Family Educational Rights and Privacy Act of 1974 protects personally identifying information from most public disclosure. The act prohibits the release of information by schools and colleges without the permission of the student. But the law doesn't cover such entities as The Match Group.

Student privacy ought to be protected from unscrupulous business practices. A good start would be requiring a company such as The Match Group to ensure that the private data of its underage customers not be used as a profit center to boost revenues in its dating services. It would be good if the company itself would uphold high ethical standards by setting up a firewall between its educational services and its dating services. But if the company won't do it, lawmakers ought to look into regulating data sharing that might harm vulnerable underage consumers.