Many former Match.com users are worried about the site’s data security after their old accounts were accidentally reactivated.
A spokesperson for Match Group, which also owns dating apps OkCupid, PlentyofFish and Tinder, confirmed to The Verge that a “limited number” of old accounts had been mistakenly reactivated and that any account affected received a password reset.
Under the new policy, all those old accounts will be deleted, although there is no word on how old an account will have to be in order to be expunged.
While there is no federal data destruction law in the United States, 32 states — including Texas, where Match Group is headquartered — have legislation that require “entities to destroy, dispose, or otherwise make personal information unreadable or undecipherable.”
And Herb Vest, the founder and CEO of the now-defunct dating website True.com, said at the time that “the data just sits there.”
This isn’t the first time Match Group has faced complaints about its data policy. A 2010 class action lawsuit by former subscribers alleged that Match.com deceived users by keeping inactive and fraudulent accounts viewable. The suit was dismissed in 2012 after a US District Judge found that the site’s user agreement didn’t require it to remove these profiles.
Then in 2015, California resident Zeke Graf filed a class action lawsuit against Match claiming the company was knowingly violating a state civil code which requires every dating service contract to include a statement allowing the user to cancel their subscription. That lawsuit was later voluntarily dismissed by Graf.
But many are in agreement that there is no reason for a site to indefinitely hold onto a deleted account’s information.
“There probably are good reasons to keep deleted profiles for some period of time — for example, to prevent or detect repeat users or fake users, etc.,” Albert Gidari, consulting director of privacy at the Stanford Center for Internet and Society, wrote in an email. “But that doesn’t mean forever.”