Consumer Electronics Daily was a Warren News publication.
No Retention Schedule Given

EHarmony, Grindr Facial Geometry Collection Practices Violate BIPA, Say Class Actions

Two privacy class actions filed Monday in U.S. District Court for Central California in Los Angeles allege dating platforms eHarmony and Grindr collected and retained biometric information from Illinois users in violation of Illinois’ Biometric Information Privacy Act (BIPA). The Beligan Law Group filed both actions.

Plaintiff Jacob Flynn opened a Grindr account in 2020 and as a condition of service was required to upload a real-time portrait, a selfie, of his face, which Grindr used to create a biometric template, said the complaint (docket 2:24-cv-00614). Grindr compares users’ facial biometrics with photographs they post on their online dating profile to verify their identity, the complaint said. The company collects, stores, uses and disseminates users' biometric data to further enhance its platform, it said.

Upon information and belief, Grindr has stored thousands of face templates from Illinois residents, each “unique to a particular individual in the same way that a fingerprint or voiceprint identifies an individual,” the complaint said. The dating site collected and retained biometric information for the purpose of verifying Flynn’s identity, it said.

Grindr had no public written policy establishing a retention schedule and guidelines for permanently destroying biometric information “when the initial purpose for collecting or obtaining such biometric information has been satisfied or within 3 years of the individual's last interaction with Grindr, whichever occurs first,” the complaint said. Grindr “made no mention of biometric information, collection of biometric information, or storage of biometric information,” nor how long it was being used, it said.

The purpose of Grindr’s collection of Flynn’s data ostensibly was to verify his identity, so it should have permanently destroyed his facial geometry after verifying his identity, the complaint said. But the platform failed to do so and instead retained his facial geometry, in violation of BIPA, said the complaint.

Upon information and belief, Grindr disclosed or disseminated Flynn’s biometric information to “numerous third-party service providers” that provide professional and business services and technical support functions to Grindr, the complaint said.

Grindr’s “unlawful collection, obtainment, storage, and use of its users' biometric data exposes them to serious and irreversible privacy risks,” the complaint said. If it or its third-party affiliates’ databases with his facial geometry scans are hacked, users “have no means by which to prevent identity theft, unauthorized tracking or other unlawful or improper use of this highly personal and private information,” it said.

Flynn seeks a declaration that Grindr violated BIPA; statutory damages of $5,000 for each intentional and reckless violation of BIPA or, alternatively, statutory damages of $1,000 per violation if the court finds that the violations weren’t willful; reasonable attorneys’ fees and costs; and actual damages, the complaint said.

In a lawsuit with nearly identical claims against eHarmony and Does 1-10, plaintiff Kevin Kohn was also required to upload his facial geometry to use the service, said his complaint (docket 2:24-cv-006130). Kohn opened an eHarmony account in 2020, and uploaded a selfie to gain access to the service, it said.

EHarmony collected and retained Kohn's biometric information to verify his identity without giving him a retention schedule, it said. Kohn’s prayer for relief also seeks statutory damages of $5,000 for each intentional and reckless violation of BIPA or alternatively, statutory damages of $1,000 per violation if the court finds that the violations weren’t willful. EHarmony and Grindr didn't comment Thursday.