Joseph Cox reports the follow-up to a breach that I covered on PogoWasRight.org. The breach involved a Danish grad student dumping OkCupid users’ personal and sensitive info in a data set for “research” purposes, claiming it was “public” data. They had neither sought nor obtained consent to scrape the user database, and although they did not include users’ names, they included usernames and took no steps to anonymize the data. Cox reports:
Earlier this month, two Danish students dumped data on 70,000 OkCupid users, including sexual preferences, turn-ons, and usernames. Although the information was already available on the dating site, the students faced widespread criticism for collecting and publishing highly sensitive information en masse without anonymising it, which meant that individuals could potentially be identified.
Now, Datatilsynet—the Danish Data Protection Authority (DPA)—has decided to to investigate the OkCupid incident.
Read more on Motherboard.
I’m glad the Danish authority is doing this, and I hope their investigation also extends to OkCupid itself, as they were reportedly scraped going back to 2014 and didn’t seem to detect that or block that. Is the FTC investigating, too?