Set me up, knock me down: Legal Obligations of Dating Apps to address Sexual Violence

A recent investigation by ABC in Australia found that hundreds of people experience sexual harassment and abuse on Tinder and damningly, that Tinder largely ignored survivors who approached the app for help after the abuse. This report once again brings to the fore the clear need for internet intermediaries, including online dating companies, to take more active steps to combat gender-based violence (GBV) facilitated by their platforms. While there are growing calls from the public for dating apps or websites such as Tinder, Bumble, Grindr and Hinge to abide by this moral responsibility, the legal position on this issue is murkier.

Most countries lack clear legal frameworks which establish the obligations or responsibilities of intermediaries to prevent and respond to cases of online GBV, let alone offline sexual violence which is facilitated by online platforms. In some countries, safe harbour provisions established to preserve free speech online that were intended to protect intermediaries from liability for third party content hosted on their platform have been expanded to protect intermediaries from liability for any illegal acts conducted by third parties using the platform. For instance, in the United States, Grindr was held to be protected from liability under section 230 of the Communications Decency Act (the safe harbour provision under US law). This was despite the fact that Grindr took no action in response to over fifty requests to take down fake profiles created by one user’s ex which led to hundreds of men harassing the user at his home. On the other hand, courts in Israel have held dating sites liable for failing to remove fake profiles using the personal information of another user, and have ordered the payment of compensation in such cases.

Most countries lack clear legal frameworks which establish the obligations or responsibilities of intermediaries to prevent and respond to cases of online GBV, let alone offline sexual violence which is facilitated by online platforms.

Safe harbour provisions in most laws require intermediaries to exercise certain due diligence obligations to avoid liability. In relation to illegal content online, these due diligence obligations usually mean that an intermediary can be held liable for failing to take down content after receiving notice that they are hosting illegal content. However, the exact model varies from country to country - some require a judicial order, while others follow a notice-counter notice mechanism which requires the other party to be heard before the content is taken down.

Applying these due diligence obligations to cases of GBV (whether in the form of online harassment/abuse or offline violence facilitated by online platforms) could require dating apps to take the following steps to better respond and protect users on their platform from GBV:

• Take proactive measures: Some countries are leaning towards introducing a duty of care for intermediaries to protect their users from online harms. In the context of dating apps, this could take place in the form of requiring mandatory identity verification of users, or background checks to ensure that known and convicted sex offenders are not allowed to register on the app. Some paid dating apps take some of these precautionary measures, but the free apps or versions usually do not. Checking user’s names against official sex offender registries could be considered a minimal and easy step which apps can take to protect users from sexual violence. In the United States, the Oversight and Reform subcommittee of the US Congress investigated dating apps earlier this year for allowing convicted sex offenders to use their services. However, many countries in the global South do not maintain sex offender registries. For countries without such registries, a criminal background check to keep sexual abusers off the app could be more difficult and expensive to perform. Further, requiring all users to undergo a background check before registering onto a dating app also raises many legitimate privacy concerns and increases the sensitive and personal data available to companies such as Tinder. A few U.S. states which have passed laws regulating online dating safety thus do not mandate criminal background checks. Rather, these laws require dating websites to publish safety awareness notifications for its users and if background checks are not performed, to conspicuously disclose to users that the website does not conduct such criminal background screenings.

Requiring all users to undergo a background check before registering onto a dating app also raises many legitimate privacy concerns and increases the sensitive and personal data available to companies such as Tinder.

As an alternative to background checks, there have been suggestions to make identity verification mandatory, through various means such as linking to a social media profile or requiring users to upload a copy of a government-approved ID. Identity verification could also help combat the problem of users creating multiple alternate profiles even after their original profile was taken down after an abuse complaint. In India, a government advisory issued under the Information Technology Act to matrimonial websites requires these intermediaries to clearly publish details of the available complaint redressal mechanism and the Grievance Officer appointed by the website. It also asks matrimonial websites to “strive” to provide user identification through registered mobile numbers or by asking users to upload a legally verifiable ID (though these requirements are not mandatory).

However, requiring identity verification has also been criticized for violating the privacy of users, and could also impact the ability of women who are trying to escape from abusers to create profiles under a pseudonym, which may in fact harm their safety. Mandatory identity verification on dating and other social media sites could also create a host of other issues, including forced reveal of one’s gender identity, increased danger of profiling and surveillance by government authorities, and data protection concerns associated with mandatory sharing of personal IDs (particularly if they are biometric IDs) with private companies.  Given these serious concerns, rather than requiring identity verification, dating apps could take other steps to ensure that banned users do not create fake profiles, such as checking the IP address from which the new profile was created, monitoring for image repetition and the like.

Mandatory identity verification on dating and other social media sites could also create a host of other issues, including forced reveal of one’s gender identity, increased danger of profiling and surveillance by government authorities, and data protection concerns associated with mandatory sharing of personal IDs (particularly if they are biometric IDs) with private companies.

• Respond effectively to reports of sexual violence: It can be argued that dating apps have an ethical responsibility to ensure that persons against whom reports of sexual abuse are received are not able to continue to use the app to assault other women. Almost all dating apps have reporting mechanisms whereby users are able to report acts of sexual harassment and abuse. However, as the ABC investigation found, these reporting mechanisms are usually practically ineffective, with most users receiving no response at all or receiving a generic/automated message which provided no information about the action taken, if any. This is in direct violation of Match Group’s safety policies, which assures users that they will review the complaint and take necessary action, including blocking the user’s account.

With respect to children, mandatory reporting obligations which are present in the laws of many countries would require intermediaries to report any cases of sexual assault which come to their attention, failing which they could be held criminally responsible. For instance, in India, a complaint was filed against a healthcare app for failing to file a criminal report against a user who posted a message claiming that he had sexually abused a child. However, when it comes to reports of sexual violence by adult women, the laws in most countries do not impose any obligations on intermediaries to respond to such complaints. Ideally, due diligence obligations of intermediaries ought to require them to respond in a timely manner, inquire into the complaint and take steps to ban abusive users from the platforms as well as take down abusive content. As recommended by the United Nations Special Rapporteur on Violence against Women, intermediaries should have transparent complaint mechanisms for ICT-facilitated violence, and provide details of the number of complaints made and action taken.

Ideally, due diligence obligations of intermediaries ought to require them to respond in a timely manner, inquire into the complaint and take steps to ban abusive users from the platforms as well as take down abusive content.

• Co-operate with law enforcement: Some laws require intermediaries to cooperate with law enforcement if a criminal investigation against one of their users is ongoing. For example, the South African Protection from Harassment Act, which deals with online and offline harassment, has certain provisions requiring electronic communications service providers to assist courts in identifying perpetrators responsible for the harassment. Failure to provide the requisite information to courts in these cases could result in criminal action being taken against the service provider. Other laws, such as India’s 2011 Intermediaries Guidelines have general provisions requiring intermediaries to provide assistance and information to government authorities for the purpose of verification of identity, or for prevention, detection, investigation or prosecution of criminal offences. Even in the absence of specific legal provisions relating to digital platforms, criminal laws in most countries have enabling provisions which can be used to require dating apps to disclose information regarding the perpetrator. The privacy policies of most apps, including Tinder, also indicate that they are entitled to release user information to law enforcement to ensure legal compliance. To make use of these provisions effectively however, local law enforcement officials need to have the capacity and knowledge to hold dating apps to account.

Even in the absence of specific legal provisions relating to digital platforms, criminal laws in most countries have enabling provisions which can be used to require dating apps to disclose information regarding the perpetrator.

Given the general lack of legal obligations applicable to intermediaries to prevent and redress instances of GBV which take place on or are facilitated by their platforms, one approach has been to call for a move towards “intermediary responsibility” wherein intermediaries voluntarily commit to abiding by international human rights norms and undertaking due diligence measures to protect users from GBV. The UN Guiding Principles on Business and Human Rights (known as the Ruggie Framework) also provides guidance on the actions which intermediaries can take to protect human rights online, though these principles have been hard to enforce.

While most dating apps claim to take the safety of their users seriously (see Tinder’s Safety Policy), the ABC investigation and similar reports from other countries have shown that in the absence of legal obligations, online dating companies often do very little in practice to protect users from violence and abuse. While Tinder has committed to doing more in response to the ABC report, including by promising to co-operate with law enforcement and responding to users’ reports on GBV, it remains to be seen whether these commitments result in any changes on the ground. Unlike other social media companies which publish regular transparency reports, most dating apps including Tinder, do not publish reports disclosing the number of assault and harassment complaints they receive, the action taken in response to these complaints. Improving transparency is an essential first step which dating apps need to take in improving their response to reports of GBV facilitated by their platform.

Unlike other social media companies which publish regular transparency reports, most dating apps including Tinder, do not publish reports disclosing the number of assault and harassment complaints they receive, the action taken in response to these complaints.

In this context, the imposition of greater legal responsibility on intermediaries may be the only effective way to force online dating companies to take more concrete steps in response to GBV facilitated by their platforms. While some traditional concerns regarding increasing liability of intermediaries (such as privacy concerns of users) do remain even in cases involving dating apps, other concerns such as the chilling effect on free speech do not apply as much due to the lack of public speech on dating apps. Instead of blindly applying a one size fits all approach in cases of intermediary liability, states need to go beyond traditional conceptions and enact laws which hold intermediaries like Tinder responsible for their flagrant failure to take action in response to reports of GBV.