Civil Society Open Letter Urges Bumble to Take Privacy Seriously

We, the undersigned privacy, public interest, and gender justice organizations, write to express our concerns over Bumble’s lack of clarity with respect to its privacy practices. Bumble is often lauded for its gender justice advocacy. However, we are concerned that its privacy practices may undermine its important work.

At this moment in history, gender justice is inextricably linked to privacy. As you know, dating apps collect vast amounts of intimate details about their customers – everything from their sexual preferences to precise location – who are often just searching for compatibility and love. For this reason, we believe the threshold for a company collecting, selling and transferring such personal data - and providing transparency about privacy practices - is high. This data falling into the wrong hands can come with unacceptable consequences, especially for those seeking reproductive health care, survivors of intimate partner violence (IPV), and members of the LGBTQ+ community.

Earlier this year, Mozilla published its *Privacy Not Included review of dating apps, which included a systematic assessment of Bumble’s privacy policy, and other factors like the company’s track record. Despite an increased concern for privacy among consumers, this most recent research suggests dating apps have become worse on privacy since the initial review in 2021. Mozilla found that unless users actively opt-out, Bumble could be selling users’ deeply personal data for profit. The policy was also unclear about whether all users can delete their data, regardless of where they live, and the company had previously struggled with security vulnerabilities. For these reasons, *PNI added a “Privacy Not Included” label to its review of Bumble, indicating that consumers should be concerned about the company’s privacy practices. The Mozilla *Privacy Not Included research team wrote Bumble with a list of specific privacy concerns on January 6th, January 19th, and April 11th, but the company has not replied and they remain outstanding to this day. The team also attempted to reach the contact email listed on the privacy policy ([email protected]) multiple times and also received no response. We the undersigned organizations urge Bumble to:

  1. Clarify in unambiguous terms whether or not Bumble sells customer data.
  2. If the answer is yes, identify what data or personal information Bumble sells, and to which partners, identifying particularly if any companies would be considered data brokers.
  3. Strengthen customers’ consent mechanism to opt-in to the sharing or sale of data, rather than opt-out.

We believe this is an important issue for Bumble’s customers. The reality is most consumers don’t have the time or the patience to sift through privacy policy legalese, or follow up repeatedly to get basic transparency and answers on how their data is being handled. Even with the full effort of a research team that specializes in poring over such policies, the privacy experts amongst us are left with more questions than answers, which does not respect the spirit of what a privacy notice is intended to provide consumers.

We were encouraged to see Bumble change its policies swiftly in the past after listening to its consumers and to civil society, and hope that this issue can be met with the same level of sincerity. We would welcome the opportunity to speak with your team about the questions outlined above. If you would be willing to do so, please reach out to Reem at [email protected] to coordinate a meeting with the coalition.

Thank you for your time and consideration.

Sincerely,

Mozilla
Access Now

Accountable Tech

Amnesty International

Civil Liberties Union for Europe

CyberLove

Defend Democracy

Electronic Frontier Foundation

Fight for the Future

Institute for Strategic Dialogue

Kairos Fellowship

UltraViolet

US Public Interest Research Group (US PIRG)

We, the undersigned privacy, public interest, and gender justice organizations, write to express our concerns over Bumble’s lack of clarity with respect to its privacy practices. Bumble is often lauded for its gender justice advocacy. However, we are concerned that its privacy practices may undermine its important work.

At this moment in history, gender justice is inextricably linked to privacy. As you know, dating apps collect vast amounts of intimate details about their customers – everything from their sexual preferences to precise location – who are often just searching for compatibility and love. For this reason, we believe the threshold for a company collecting, selling and transferring such personal data - and providing transparency about privacy practices - is high. This data falling into the wrong hands can come with unacceptable consequences, especially for those seeking reproductive health care, survivors of intimate partner violence (IPV), and members of the LGBTQ+ community.

Earlier this year, Mozilla published its *Privacy Not Included review of dating apps, which included a systematic assessment of Bumble’s privacy policy, and other factors like the company’s track record. Despite an increased concern for privacy among consumers, this most recent research suggests dating apps have become worse on privacy since the initial review in 2021. Mozilla found that unless users actively opt-out, Bumble could be selling users’ deeply personal data for profit. The policy was also unclear about whether all users can delete their data, regardless of where they live, and the company had previously struggled with security vulnerabilities. For these reasons, *PNI added a “Privacy Not Included” label to its review of Bumble, indicating that consumers should be concerned about the company’s privacy practices. The Mozilla *Privacy Not Included research team wrote Bumble with a list of specific privacy concerns on January 6th, January 19th, and April 11th, but the company has not replied and they remain outstanding to this day. The team also attempted to reach the contact email listed on the privacy policy ([email protected]) multiple times and also received no response. We the undersigned organizations urge Bumble to:

  1. Clarify in unambiguous terms whether or not Bumble sells customer data.
  2. If the answer is yes, identify what data or personal information Bumble sells, and to which partners, identifying particularly if any companies would be considered data brokers.
  3. Strengthen customers’ consent mechanism to opt-in to the sharing or sale of data, rather than opt-out.

We believe this is an important issue for Bumble’s customers. The reality is most consumers don’t have the time or the patience to sift through privacy policy legalese, or follow up repeatedly to get basic transparency and answers on how their data is being handled. Even with the full effort of a research team that specializes in poring over such policies, the privacy experts amongst us are left with more questions than answers, which does not respect the spirit of what a privacy notice is intended to provide consumers.

We were encouraged to see Bumble change its policies swiftly in the past after listening to its consumers and to civil society, and hope that this issue can be met with the same level of sincerity. We would welcome the opportunity to speak with your team about the questions outlined above. If you would be willing to do so, please reach out to Reem at [email protected] to coordinate a meeting with the coalition.

Thank you for your time and consideration.

Sincerely,

Mozilla
Access Now

Accountable Tech

Amnesty International

Civil Liberties Union for Europe

CyberLove

Defend Democracy

Electronic Frontier Foundation

Fight for the Future

Institute for Strategic Dialogue

Kairos Fellowship

UltraViolet

US Public Interest Research Group (US PIRG)