Facebook has been forced to withdraw a planned rollout of Facebook Dating in Europe after Irish data protection regulators stepped in. The service was due to launch in time for Valentine’s Day, but Facebook pulled the plug after officials raised concerns about its compliance with EU law.
Facebook Dating is the company’s rival to Tinder and OKCupid, harnessing the combined power of Facebook, Instagram and WhatsApp to help people connect. That includes the ability to use Instagram stories as dating pictures and to list secret crushes just in case they feel the same way. Facebook had initially said, back when it rolled out in the US, that it would be coming to Europe in “early 2020.”
Europe’s comprehensive privacy law, the GDPR, requires companies to look at the potential effects of how they process data. Broadly speaking, if a business wants to do some hot-and-heavy data mashing, necessary for running a dating website, it needs to demonstrate that it’s thought it through. That involves handing over an impact assessment to the local regulator, essentially to show the processing is safe and lawful.
Since Facebook’s (and Google’s) European HQ is based in Dublin, the Irish Data Protection Commission is the local supervisory authority. That means that it needed to be told about the plans for Facebook Dating well in advance of the product’s rollout in Europe. The law doesn’t give a specific period of time for such disclosures to be made, but Article 36 suggests between eight and fourteen weeks.
By comparison, Facebook made its notification on February 3rd, saying that it would commence rolling out Facebook Dating on the 13th. That’s significantly shorter than the expected period of time for such an initiative. “Our initial concerns were around the fact that [Facebook] had only told us on the 3rd, and intended to roll out ten days later,” Graham Doyle, Deputy Data Protection Commissioner at Ireland’s Data Protection Commission, told Engadget.
Officials were further concerned when Facebook appeared to not have the required impact assessment, the key legal document that showed Facebook was complying with the law. “We didn’t receive any documentation with the notification of intent to roll it out,” said Doyle, who added that the paperwork couldn’t be a token gesture. Instead, regulators would expect a lengthy bundle of documents demonstrating that Facebook Dating was GDPR compliant. Facebook’s statement, below, disagrees, saying that it shared the impact assessment when requested.
In a statement, Ireland’s Data Protection Commission said that “no information/documentation was provided.” On Monday, February 10th, officials visited Facebook’s Dublin HQ to gather relevant documentation to try and resolve the situation. Two days later, on February 12th, and Facebook announced that it had suspended the roll-out of Facebook Dating.
In a statement, a Facebook spokesperson said: “It’s really important that we get the launch of Facebook Dating right so we are taking a bit more time to make sure the product is ready for the European market. We worked carefully to create strong privacy safeguards, and complete the data processing impact assessment ahead of the proposed launch in Europe, which we shared with the IDPC when it was requested.”
As the local regulator for all of Facebook’s European operations, the Data Protection Commission has a duty to keep its eye on the network. It currently has 11 current investigations into Facebook group companies, including eight on the social network itself, two concerning WhatsApp, and one on Instagram.