Happn

1. The organization

This Data Ethical Consultation will concern Happn. Happn is an online dating app that uses its user's location to show them people they may like. In short, it shows you people you have crossed paths with during a day that you may like and thus provides some sort of overview of people that regularly visit the same places as you do. The company itself has some explanation on their website: "Sometimes destiny needs a boost! Walking down the street, sitting at a bar or on a night out, we’ve all experienced it: you make eye contact with someone who catches your attention, but you don’t dare go up to them. Now with happn, you can find the people you’ve crossed paths with and make your own luck!" source: https://happn.com

2. The AI technologies Employed

The app first and foremost location tracking to track your location at all times. Your location is constantly being monitored and used to 'match' you with other people that were at the same location as you at the same time and thus you have 'crossed paths with'. The app therefore constantly uses an algorithm that compares your location data to other people in order to find the people that you have crossed paths with. In addition to that, the app started using artificial intelligence from 2017 onward to rank profiles that might be more interesting to you. The app uses a wide variety of data such as the in-app user behavior data combined with the profile data provided by the user to feed to the machine learning algorithms that learn to provide increasingly more relevant and curated matches. The company tunes the algorithms to account for personality traits, music taste, beliefs, attitude, and much more. They have also introduced an extra in-app game that provides you with four people that have possibly liked you. You then have to pick from these four people which one you think is the one that like you. This features uses AI to combine your own preferences and match history in order to provide the four most plausible options.

3. Ethical concerns

Happn is in my opinion highly aware of some of the ethical concerns that they are faced with. Their usage of location data is after all their unique selling point, but this makes them even more susceptible to possible data leakage, privacy issues and related concerns. They provide some basic information about their privacy services on their website and additionally have an elaborate privacy policy. However, based on the ethical concerns discussed in the course I think there are a few things that are still overlooked or not being payed enough attention to by the company.

Informed consent

In article 6 of the GDPR the definition of consent is given as follows:

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

It is further clarified in article 7:

1: Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
2: If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.
3: The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
4: When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

Informed consent relates to the notion that the data subject knows the identity of the processor, what data processing activities are conducted, the purpose of the data processing and the fact that they can withdraw consent at all times.

Happn makes a good effort to provide as much information as possible about the data they process and for which purposes. However, due to this elaborate privacy policy it might be a bit of a stretch for people to read all of this information. This is also known as the Transparency Paradox, introduced by Nissenbaum (2011). She explains that transparency can be achieved by conveing information handling practices (such as privacy policies) in way that is relevant and meaningful to the choices individuals must make. This includes leaving out very detailed descriptions and exceptions. She claims that very elaborate privacy policies are unlikely to be understood, let alone read.

When an abundance of information is given to a person, there is a tendency that the important information might be overshadowed by the fact that so much information is given. It loses a part of the feeling of urgency. Furthermore, the privacy policy includes a lot of technical terms and information that might not be understandable for a lot of people. When people do not know what exactly they consent to, because they do not fully understand all of the information, this diminishes the 'informed' part of giving consent which can be seen as something problematic.

Location tracking

The basis of Happn is the fact that you can match with people based on the location you visit. The idea is that people who visit a lot of the same places, might have the same interests and way of life and might thus be a good match. Besides the fact that you see where you crossed paths with someone, you can also see when and how many times. The data must thus be tracked at real-time and be quite concise. This means that users of the app are basically tracked all day every day in a very concise and precise way.

In my opinion, this is very sensitive data that people might not be fully aware of the fact that they are sharing it. Especially the places you regurarly visit can say a lot about you; where you live, where you work etc. In an extreme case, some other user might stalk you long enough to be able to figure out where you live based on the time and frequency of where you have crossed paths. The courier mail indeed start an experiment to see whether they could find out where a person lived, and within the course of two weeks they were able to do so.

Data Storage and Sharing

In addition to that, this sort of personal data can be very interesting for hackers to retrieve. Besides location data, a lot of personal preferences and information is stored by Happn that can directly lead back to a person. It is therefore very important to inform the users how this data is collected and most of all how it is stored. Happn does not include any information about how they store their data and how they ensure that is safely protected. If I were to use this app, I would want to have information about the way they protect my personal data and how they prevent it from being used for the wrong purposes.

Following this, the privay policy remains very vague about which people are allowed to access the personal information of the users and if and how this might be shared with third parties. The privacy policy includes the following statement:

Only certain HAPPN employees from customer services and authorized managers process Members’ personal data for the purposes described above. These employees and authorized managers only have access to the data necessary to perform their duties.

This statement is intended to ensure the user that their information can only be accessed by the right personnel, but it does not elaborate at all who specifically these people might be and what the 'data necessary to perform their duties' might entail. Their definition of the data that is necessary might be very broad and not at all in line with what an user might imagine.

Finally, the privacy policy includes some information about sharing the data with third parties:

Authenticated and reliable service providers and partners, who may access and/or process Members’ personal data, in compliance with the Privacy Policy, and ensuring the security and privacy of the Members’ personal data.

Once again, this section is intended to enlarge the feeling of safety of the users, but remains very vague. Who are these partners? Why do they have access to members' personal data? And how do they exactly ensure the security and privacy of the personal data by these third parties?

4. Recommendations

Based on the information explicated above, I have identified a few areas in which improvements can be made.

Informed Consent

The abundance of information that is given in the privacy policy should be minimized. If too much information is given to an individual it may lead to the transparency paradox. In order to prevent this transparency paradox from emerging, the privacy policy should be made more concise and understandable for everyone.

Location tracking

Users should be made fully aware of the fact that their location is being tracked in real-time, all day, every day. You might provide sensitive information about your place of work or where you live without fully realising this. I believe that it should therefore be made clear when you sign up for the app that your locations is going to be tracked at all times. In an ideal situation, Happn would add a sort of button that you can check saying 'I fully understand the consequences that my location tracking might have'.

Data Storage and Sharing

Happn should include more information about how and where the personal data is stored. There is no information whatsoever about their data storing practices in the privacy policy. I would recommend to add a separate subsection on this which quickly summarizes their use of for instance anonymization and data protection. This should include how they store the data and which actions they take in order to protect the data and make sure it is not leaked or stolen.

Finally, it is not made clear which people and third-parties have acces to which kind of data. There is a small part included in the privacy policy that claims that Happn ensures the security and privacy of the members' personal data when this is shared with third parties. But how this is put into practice exactly is not explained.