NHS DSPT New Submission Requirements

View All

Case Studies

Powering Alt HAN Co.'s Smart Meter Rollout

View All

Upcoming Events

LEMA Summit 2024

View All


Image of a digital bleeding heartImage of a digital bleeding heart


Head-over-feels: How dating apps can mitigate romance fraud

14th Feb, 2023

Valentine’s Day is celebrated in many countries around the world whereby people on this day express the love they have for another.

Unfortunately, the run up to the day is a time where many are conned by fake deals on romantic gifts or by falling for a fake online dating profile.

How online dating apps have grown in popularity

Since its creation, online dating has evolved to become one of the most common ways to find potential partners in the US with more than a third of heterosexual couples having met online between 2015 and 2019. In contrast, there are 1.85 million people in the UK on Tinder (the UK’s most popular dating app), but only 5% of British couples met though an online dating platform and 1 in 5 people avoid using dating apps altogether until a better vetting process is established. In the age of Catfish and The Tinder Swindler, one can never be too careful about romance fraud…

Romance fraud occurs when one online user deceives another by creating a false profile or persona to form a relationship with them. Once they have gained their victim’s trust, they will use a variety of tactics to gain access to money or enough personal information to steal their victim’s identity.

The introduction of social distancing measures and closures of popular dating spots during the coronavirus pandemic created an opportunity for a rise in online dating. Ever the opportunists, this was heavily exploited by fraudsters. Action Fraud received 7,754 reports of romance fraud between April 2020 and April 2021 (40% higher than the previous year), with victims’ losses amounting to £73.9m, although the true figure is likely much higher. During this time, dating platforms Plenty of Fish and Tinder were targeted the most by scammers as well as social media platforms Instagram and Facebook, but victims reported even being targeted on LinkedIn and the game app, Words with Friends.

How dating apps can mitigate the risks to their users

Where an online platform facilitates interaction between users, regardless of its intended use, organisations must consider the risks that feature poses on its users, through a data protection impact assessment (DPIA). This assessment should help inform the organisation on what mitigating measures need to be introduced that will be appropriate and effective to protect the end-users, such as profanity filters and alert buttons where users can block or report others to the platform provider. Certain measures may be deemed appropriate for one platform provider but not for another so it is important that each makes their own evaluation.

Money and identity theft are not all that motivate those involved in romance fraud:

  • Some target someone they know with intent to humiliate them. They do this by engaging their victim to share something private or deeply personal (like explicit images) with them and then release (or threatening to release) it to their friends and family or into the public domain, often referred to as ‘revenge porn’.
  • Online dating platforms with specific demographics (eg. Race, sexual orientation or religion) are popular amongst those communities as a way to narrow the pool of potential matches. Dating apps popular in the LGBT+ community are often targeted by individuals or groups to lure them into romantic meet-ups that end with beatings, violence or even death.

Protecting Special Category Data

Online dating platforms must ensure that they are meeting additional conditions in order to process special categories of personal data lawfully, such as determining additional conditions and safeguards set out in the Data Protection Act 2018. This can include putting an appropriate policy document in place. However, organisations may not actively or knowingly collect or otherwise process special category data. If your organisation can infer or guess details about someone’s race, ethnicity, political opinions, religion, philosophical beliefs, trade union membership, health, sex life or sexual orientation from the data, or is drawing inferences from the data, then you should treat it as special category data.

An example of this was in 2020 where Grindr, the world’s largest social networking and online dating app for LGBT people, was subject to two separate investigations by the Spanish supervisory authority (AEPD) and the Norwegian authority (Datatilsynet) on the back of their data protection practices. Grindr maintained that it was not possible to extract its users’ sexual orientation since it did not specifically collect data on sexual orientations or gender identities, but the Datatilsynet concluded that someone’s use of Grindr is a strong indication that they belong to a sexual minority which therefore constitutes special category data.

Understanding what data your organisation processes about individuals is crucial in determining the risks such processing poses on them, particularly if they are more vulnerable members of society such as older generations. Whilst online dating platforms are the prevalent hunting grounds for romance scammers, they will also try their luck where they can on any platform where they can communicate with other users. Carrying out an effective DPIA on such features will identify risks to your data subjects and ongoing monitoring will assess the appropriateness and effectiveness of the mitigations implemented and, ultimately, protect your users’ hearts and their privacy.

Interested in our Data Protection Services?

If you would like to know more about our data protection work, or would like to speak with one of our experts, please complete this short form.