Presently, these are covered only by a voluntary code created by the Online Dating Association.
EU wide: GDPR (in force today)
You should be sure that your users are at least old enough to give consent for their personal data to be processed, if you rely on consent under Article 8 of GDPR, as a basis for processing some or all personal data you obtain from your users. (Remember, personal data even includes just an IP address.) In the UK, this “age of digital consent” is 13 but it varies between EU member states so if you have users in the EU, you will need to also determine their location and apply the relevant age as part of this check.
USA: Children’s Online Privacy Protection Act (COPPA)
The Children’s Online Privacy Protection Rule seeks to put parents in control of what information commercial websites collect from their children online. It applies globally to sites providing a service to users located in the USA.
You’re covered by COPPA if:
- Your website or online service is directed to children under 13 and collects personal information from them;
- Your website or online service is directed to a general audience, but you have “actual knowledge” you’re collecting personal information from a child under 13. The FTC has said that an operator has actual knowledge of a user’s age if the site or service asks for – and receives – information from the user that allows it to determine the person’s age. For example, an operator who asks for a date of birth on a site’s registration page has actual knowledge as defined by COPPA if a user responds with a year that suggests they’re under 13. An operator also may have actual knowledge based on answers to “age identifying” questions like “What grade are you in?”; or
- You run a third-party service like an ad network or plug-in and you’re collecting information from users of a site or service directed to children under 13.Third-party sites or services may have actual knowledge under COPPA, too. For example, if the operator of a child-directed site directly communicates to an ad network or plug-in about the nature of its site, the ad network or plug-in will have actual knowledge under COPPA. The same holds true if a representative of the ad network or plug-in recognizes the child-directed nature of the site’s content. Another way an ad network or plug-in may have actual knowledge: If a concerned parent or someone else informs a representative of the ad network or plug-in that it’s collecting information from children or users of a child-directed site or service.
Websites and online services covered by COPPA must post privacy policies, provide parents with direct notice of their information practices, and get verifiable consent from a parent or guardian before collecting personal information from children.
UK only: Age Appropriate Design Code (in force today, but grace period in operation in the UK until 2 September 2021)
This requires sites to consider if they could risk the moral, physical or mental well-being of children under 18. And if so, to put in proportional measures to safeguard children and young people.
Where adults can interact with minors, there is a risk of grooming, the inappropriate exchange of photographs and conversations etc. Indeed, research shows that this is increasingly a problem between minors as well.
As dating sites facilitate physical encounters (by definition), there may also be a physical risk if children agree to meet others through the service.
Our opinion is that dating sites clearly require age verification to be in place to keep children from using the service. The rigor required is a matter for the judgement of the sites concerned – giving consideration to the nature of the content on the site, the number of users under 18 found to be using it, etc. But given the reputational risk if a child is harmed by your service, we recommend at least a standard level of assurance. See our page on levels of assurance for an explanation of the methods of age verification that achieve this degree of confidence in an age check.
Online Safety Bill (only draft legislation, not yet passed by Parliament)
As dating sites allow users to interact and share content such as photographs, they are in scope for the Online Safety legislation.
As dating sites are also “likely to be used by Children” they must comply with the further duties applicable. (Remember, children are defined as under 18-years-old.)
The largest sites may be considered Category 1 sites, with additional duties placed on them.
Please read our briefing on the Online Safety Bill for further explanation of these new duties.