RealMe Executive Interview: The New Privacy Legislation

GDI is delighted to launch the next RealMe executive interview, featuring Neil Davis, Chief Business Officer at RealMe solutions, and Dr. Hannah Shimko, Communications and Policy Director at the Online Dating Association.

We’ve recently seen the new legislation in Utah and Connecticut, encouraging dating apps to warn members on other users’ crime reports. Explain in your own words what these new developments are and what they mean for the industry

NEIL: So first, I am not a lawyer so I would highly recommend that every platform consult their counsel and get their opinion. The law in CT is signed and effective 10/1. It basically states that you need to declare if you do background checks on all your users and if you DO NOT do background checks, you must state constantly that members might not be safe on their platform. If you do perform checks, you must state whether you have eliminated users based on information found in those checks. The law is not well-drafted, but the fine is substantial for violations – $25,000 per instance. The Utah law is pretty much the same but not effective until 1/23. These fines could add up and probably put a dating app out of business.

Back in 2008, New Jersey passed “The Internet Dating Safety Act”; which was just amended to add significant responsibility to dating platforms for the safety of their users.

It was one of the first states to implement such an act to protect users of online dating platforms and apps. It meant that internet dating companies were required to disclose the extent of their safety measures. They had to inform users whether they did any background checks on members. This allowed users to make more informed choices on which online dating platform they should use. 

In the long run, this new legislation is a positive step for the industry as it will better ensure the trust and safety of dating platform users. In the short run, there is a stampede of platforms getting users verified and checked before the deadline. 

Neil Davis – Chief Business Officer at RealMe Solutions

What do the new regulations mean for RealMe?

NEIL: We have our hands full for the next few months. As one of the only companies that can: verify identity, tell you if a member is a real person, and perform the required background check; our client queue for launch is getting stacked. It also means that we need to develop ways for this functionality to be self-serve allowing all platforms, regardless of size, to become compliant.

What impact will these new regulations have on the dating community?

HANNAH: The regulations in Connecticut and Utah are asking the online dating industry to focus on the challenges of background checks. These follow on from similar pieces of legislation in both Texas and Arizona which show a trend toward legislators at a state level trying to make dating apps safer through regulation. In Arizona, the law centres on providing notices to members about those they have connected to who have a fraud ban, while the Texas bill focused on criminal background checks.

Both the Connecticut and Utah Bills, centre on whether or not the specified dating app with users in Utah or Connecticut utilise background checks. If they do not undertake background checks, they must make this clear to users in the state with the legislation through a method of communication (pop-ups, emails, texts etc) that is clear and easily accessible to the user.

If the dating service does utilise backgrounds, the service must make it clear to the user through a means of communication (again pop-ups, emails texts) how the background check is undertaken, what ‘red flags’ in the background check would or would not merit removal of the user from the platform (ie a traffic violation would not merit removal), and remind the user that background checks are not a guarantee of safety, as fraudsters will be skilled at subverting them.

These changes mean dating apps will need to think about whether or not they want to employ background checks, and what the impact of their choice will have on the user interface. As this legislation is in just a few states, dating services will need to make the choice if they roll out changes across the United States, or build in specific user journeys for users in Utah and Connecticut. ‘Users’ in these states are defined in each bill.

Dr. Hannah Shimko – Communications and Policy Director at the Online Dating Association

Both Bills also require dating services to provide safety awareness education, which is similar to the Online Dating Association’s (ODA) public resources. Specific areas of education can be found in each Bill. This element of the legislation means, again, developers must think about the user experience and how to incorporate safe dating advice clearly in the interface. 

The regulation in Utah also requires dating services to notify all users who have been in contact with another user that has been banned/removed for fraud. Dating services will need to contact each user who has been in contact with a banned account in a clear and conspicuous way stating which account has been banned and why, with a reminder to not send money to people met online and other fraud education resources. 

This regulation is a good impetus for the sector to think about the act of notifying users when they have been in contact with a banned profile, how this can be done within data privacy rules, and how this would work in different jurisdictions.

Finally, it is welcome to see the Utah bill has a section which protects individual employees who are working on dealing with sending notifications of banned members who do not comply with the 24-hour notification period, as long as they are acting in good faith.

As always, the ODA would recommend dating services operating in Utah and Connecticut consult a lawyer before taking action to comply with this legislation. 

I think these regulations illustrate the ways in which the online dating sector needs to think about the use of background checks and user safety; most of which the sector is already doing in relation to their user experiences. This legislation, along with new legislation in the UK and EU focused on online safety, means it is time for our sector to delve into our standards on trust and safety and compliance with expectations going forward. The threat of fines for non-compliance will of course act as an incentive to take this legislation seriously. 

Since the major impact of the new regulations in Connecticut, do you think this will have a domino affect across the country?

NEIL: It already has – as it should. Florida is drafting legislation, to be effective from 23rd January 2023, that looks to be more onerous, on platforms, than Connecticut. California is drafting as well but it seems to be a bit less cumbersome for platforms to comply. At the end of the day, more states than not will enact legislation on online dating platforms as it really is a way to enhance protection for women, and even men, which is why both bills passed without one “no” vote.

How will these new laws affect the members at ODA and new users joining the dating industry?

HANNAH: These two bills will impact all dating services in the same way. Dating services will be required to consider their trust and safety practices which align with these bills if they operate in Utah and Connecticut. They will need to consider how the safety requirements of the bills are folded into their user interfaces, and make sure the educational and notification elements are sufficiently met. We would always suggest taking legal counsel on compliance. 

It also means each dating app operating in these states will need to decide on utilising background checks – if they will have background checks or not, and how they will use the information from background checks if they do utilise them.

For incumbent dating services, this legislation means they may need to reassess elements of their services, whether the educational resources, KYC checks or reporting processes. It may also mean they need to be able to isolate CT and UT users, as necessary.

For new dating apps, they will be able to build in the requirements from the start, with a ‘safety by design’ approach.

Do you think dating platforms will take this seriously in Utah and Connecticut, or will they simply stop users from accessing their products to avoid background checks?

NEIL: It is a bit easier for platforms to just not allow access in Utah. Connecticut, on the other hand, is really problematic, as a decent % of Wall Street execs live in CT, so if a platform has visions of financing rounds, it will be challenging for companies to invest if they can’t even access the application from home.

Moreover, as Florida and California follow suit, no platform can withdraw from those vital states so platforms might as well figure this out now.

Looking at ethics, who should decide who remains on a platform and who should be removed? Does it leave dating platforms essentially deciding what’s acceptable and what’s not?

HANNAH: I would argue there are two elements to this question. There are actions that are illegal, and there are actions that run counter to a dating service’s terms and conditions, and these may vary from platform to platform.

In the UK and the EU, the legislation, and following regulation, will put definite parameters on some of the behaviours which would merit the removal of individuals from a platform. In the UK’s Online Safety Bill, currently in Parliament, the list of illegal priority harms is made clear, and platforms must have risk mitigation processes for removing illegal content. The Digital Services Act in the EU has similar requirements for platforms. However, these regulations do not require the removal of the user who uploaded the illegal content, just the removal of the actual content.

The UT and CT Bills also do not require the removal of users for breaching any legal requirements – the Bills are focused on the dating services themselves. Therefore, it is, as you say, down to the platforms to make a decision about the banning/removal of users. This is when clear and watertight Terms and Conditions are essential. Each dating service knows for itself what behaviours are welcome and which merit discipline or removal. Making the Ts and Cs, and expected user Code of Conduct, clear is essential for good standards in this area. 

Do you think this creates a monopoly for large dating corporations? How will startups navigate these new laws and can technology bridge the gap?

HANNAH: I don’t think this creates a monopoly for large dating corporations. The legislation is the same for everyone, and much of the requirements in both the UT and CT bills, as well as the Online Safety Bill and Digital Services Act, are trust and safety actions dating services should be considering anyway – things like content moderation, KYC checks, verification, background checks. 

Big corporations will have more funding for design or utilising third-party services to carry out elements of the regulatory regimes, but start-ups will be able to incorporate safety by design from the start. There will always be new regulations and legislation impacting the dating space – for instance, we don’t yet have regulation on the metaverse – so all companies need to be cognisant of policy discussions and potential changes. One of the roles of the ODA is to keep up to date with policy discussions and new legislation, so being a member of the ODA is a good way to know what is coming over the horizon.

In response to the question ‘can technology bridge the gap’ – there are a wealth of services that are ancillary to the dating sector which offer different safety and privacy experiences for users and for dating services. Both incumbent dating companies and start-ups can take advantage of utilising other services for elements of their dating experience and to meet the regulatory requirements in the jurisdictions in which they operate. 

With RealMe’s solution and technology which checks for real users, how will its access to criminal, arrest and court records support the new legislation?

NEIL: Not only can RealMe verify user identity using nothing more than a phone number, but we can cross this against our extensive databases to identify “bad actors” for dating platforms to react as they see fit.  The required communication is fairly well defined.  Since we do not retain data nor do we expose any PII; we provide an efficient and effective way to comply with the current, and likely forecasted, legislation.   

Do you think this will be effective in actually making platforms safer in these states, or could it just advocate a ‘black market’ theory of fake ID and fraudulent background checks?

HANNAH: I’m afraid I cannot make an overall judgement on whether these two bills will make platforms safer in either state, but I would suggest it will help online daters think more about their actions online. The ODA strongly supports better digital education for the public, and we specifically promote our online dating education resources. So, we welcome any requirements for dating services to continue to educate online daters to be safe and smart when looking for love.

As the Bills specify that the dating services must make clear that utilising background checks does not make a platform inherently safe, it is clear that background checks alone are not the answer to all the challenges of online dating platforms. There are many tools that can be used to help dating services be more secure and ‘safe’. 

As everyone in the dating industry knows, fraudsters, scammers and those removed from dating services for a myriad of reasons will always be looking for new ways to get back onto platforms. So, there is always the possibility that there will be a black market for fake IDs to circumvent background checks if they become more commonplace. 

In relation to wider trust and safety issues, the ODA always advocates for legislation that is focused on outcomes, rather than technologies or processes, and we would like to see all legislation be focused on risk assessments and mitigation that can be modified to each platform’s specific risks and challenges.

How do we protect data with these new laws? Some kind of identity verification, such as Social Security Numbers, will need to be provided, so what kind of data privacy issues could these new laws throw up?

HANNAH: Neither ‘new’ versions of the Bills ask for personal information such as social security numbers, although the original CT bill did in a previous draft. The ‘verification’ element has been removed from the Bill. This is good news, as that would be a big concern in terms of privacy, especially true in the US where there is not a federal data protection law or set of regulations. 

Most dating services would like to hold as little identifying personal data as possible, as there is always the threat of a leak or a hack, which could be devastating to both users of a dating service and the dating service itself, not to mention the industry. To this end, a new marketplace of services that provide both background checks and ID or liveliness verification has emerged, which means the data on users for verification is never held by the dating service, but that verification can be done directly on a user’s phone or another internet compatible device, creating much less risk in terms of data protection. However, there remains a cost to using these services, and that is out of reach of some dating services.

How do you see this playing out in the future? Will this be simply confined to US law, or will it go global?

NEIL: Europe already has GDPR, so to mirror what states in the US are doing seems antithetical to their direction. There are national databases in countries like Brazil, India and Japan so this method of user protection is viable.