Articles

March 31, 2026

Hudson Cook Enforcement Alert: FTC Announces Enforcement Resolution with Online Dating Service Providers over Alleged Deceptive Data Sharing Practices

Webb McArthur and J. Francesca Gross

HIGHLIGHTS:

  • FTC announced a resolution of alleged violations of Section 5 of the FTC Act claims against two affiliated entities that operate multiple online dating platforms under common ownership concerning an alleged pattern or practice of disclosing user data to an unrelated third-party contrary to express privacy representations, including user photos, demographic information, and location information.
  • The entities neither admitted nor denied the allegations but consented to the entry of a permanent injunction and a number of additional remedial measures, including prohibition from misrepresenting its privacy policies.
  • The FTC emphasizes that the entities must honor their privacy commitments, stating that it "enforces the privacy promises that the companies make" and will act where "companies fail to follow through."

CASE SUMMARY:

On March 30, 2026, the FTC simultaneously filed a complaint and a consent order in the federal district court for the Northern District of Texas against two affiliated entities that operate within a common enterprise and share services, including online dating platforms, in Dallas, Texas. The complaint alleges that the Online Dating Service Providers, since September 2014, "gave an unrelated third-party company (the "Data Recipient") access to the personal data of millions of users, including user photos, demographic information, and location information...despite the Data Recipient not being permitted to have access to the data according to affiliated entities' 2014 privacy policies."

According to the Complaint, one company owns and operates an online and mobile dating service ("Online Dating Service"), which, along with its affiliated entity ("Affiliated Entity"), is one of several dating platforms owned and operated by a parent company. The FTC alleged that the companies "operated as a common enterprise" that has "conducted the business practices...through an interrelated network of companies that have common ownership, officers, employees, office locations, and business functions."

Furthermore, prior to a name change, the Affiliated Entity served as the registered agent for the Online Dating Service, providing many services, including "legal support, communications, finance, investor relations, and information technology," while the Online Dating Service lacked its own legal personnel. As a result, the FTC seeks to hold both entities responsible for the alleged deceptive practices.

Specifically, the Complaint states that since September 2014, the companies "gave an unrelated third-party company (the "Data Recipient") access to the personal data of millions of users, including users' photos, demographic information, and location information," despite representations limiting sharing within the 2014 privacy policies. The FTC focused on the affiliated entities' statement that they "do not share personal information with others except as indicated in this Privacy Policy or when we inform you and give you an opportunity to opt out of having your personal information shared."

The policies further indicated that personal information could only be shared with a limited number of recipients, such as service providers, business partners, affiliated companies, or in response to legal obligations. However, the FTC alleges that the Data Recipient involved did not fall within any of these disclosed categories.

The FTC alleges that the companies failed to give users an opportunity to opt out of sharing their personal data as required by the applicable privacy policies. Additionally, the FTC claims the companies "never informed users that it shared [users'] personal information with the Data Recipient contrary to the representations in [their] privacy policies." The companies are also accused of efforts to conceal their data-sharing practices.

The affiliated entities did not admit these allegations but agreed to a twenty-year stipulated order to resolve the matter that:

  • Prohibits misrepresentations regarding the collection, use, disclosure, or protection of consumer information;
  • Requires accurate disclosures about privacy controls and consumer options;
  • Imposes recordkeeping, compliance reporting, and monitoring obligations; and
  • Subjects the affiliated entities to ongoing FTC oversight and enforcement mechanisms.

The order's prohibitions also specifically address representations about the scope of data collection and sharing, the purposes for processing data, and the operation of privacy controls—areas directly linked to the alleged misstatements in the companies' privacy policies.

RESOURCES:
You can review all of the relevant court filings and press releases at the FTC's Case and Proceedings page

Enforcement Alerts by Hudson Cook, LLP, written by the attorneys in the firm's Government Investigations, Examinations and Enforcement and Litigation practice groups, are provided to keep you informed of federal and state government enforcement actions and related actions that may affect your business. Please contact our attorneys if you have any questions regarding this Alert. You may also view articles, register for an upcoming CFS Bites monthly webinar, or request a past webinar recording on our website.

Hudson Cook, LLP provides articles, webinars and other content on its website from time to time provided both by attorneys with Hudson Cook, LLP, and by other outside authors, for information purposes only. Hudson Cook, LLP does not warrant the accuracy or completeness of the content, and has no duty to correct or update information contained on its website. The views and opinions contained in the content provided on the Hudson Cook, LLP website do not constitute the views and opinion of the firm. Such content does not constitute legal advice from such authors or from Hudson Cook, LLP. For legal advice on a matter, one should seek the advice of counsel.