Profiles on PositiveSingles.com dating website turn up on other affiliated dating websites

PIPEDA Report of Findings #2013-003

July 11, 2013


Three individuals posted their dating profiles (with names, photos, medical condition, etc.) on PositiveSingles.com, a seemingly confidential dating website dedicated to individuals who have tested positive for a sexually transmitted disease (STD). Later, they noticed that their profiles also showed up on nearly 60 other dating sites that were unknown to them. Many were clearly intended for a different set of demographics and descriptors than those mentioned in the individuals’ own profiles.

The individuals were shocked since written assurances on PositiveSingles.com had convinced them that privacy protection was of utmost concern to the website.

Our investigation discovered that PositiveSingles.com was part of a network of affiliated dating sites administrated by parent company SuccessfulMatch Inc. The affiliated sites were marketed by independent entrepreneurs, but were ultimately controlled and operated by SuccessfulMatch as part of a single network with a shared database of dating profiles. When a user signed up to PositiveSingles.com, his or her profile was automatically available through the other affiliated sites in the network. The main page of these affiliated sites often targeted very specific demographics (e.g. specific STDs). Independent entrepreneurs were paid for each member that signed up to the network through an affiliate site. The number and names of all sites potentially involved (i.e., where a user’s personal profile was available) could not be known since their numbers change daily, as new sites open and existing ones close.

We found that user profiles had not been disclosed since they were part of a single database controlled by SuccessfulMatch and were not accessible to the independent entrepreneurs responsible for marketing the affiliated sites. However, since the complainants could not have anticipated the availability of their sensitive personal profiles via these other affiliated websites — even if they were ultimately controlled by SuccessfulMatch — and they were not offered an opt-in or opt-out option, our Office concluded that the complainants had not provided their consent for their personal information to be used in this way. It was also clear that the organization had not fulfilled its responsibilities under PIPEDA to be open about its personal information management policies and practices.

Additionally, there was evidence to confirm that some registered members’ personal information could be accessed by non-members via simple searches on a common search engine. This led to our conclusion that proper safeguards were not in place. 

Following our Office’s recommendations, the network of websites was revamped:

  • The organization now explicitly informs users of the tiered relationship between the parent company and the affiliated websites under its control;
  • It also radically changed how it notifies users before they post their personal profiles on any of the network websites, to promote informed consent and ensure that information is given at key decision points (i.e. upon registration);
  • It also confirmed that there are no disclosures of personal information to exterior third parties.

The complaint was thus well-founded and resolved.

Lessons Learned

  • Organizations must ensure that there is knowledge, as well as consent, for the collection, use or disclosure of individuals’ personal information.
  • Organizations must make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. For consent to be meaningful, the purposes must be stated in a manner such that the individual can reasonably understand how the information will be used or disclosed.
  • An organization’s security safeguards must protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
  • Organizations must be open about their policies and practices with respect to the management of personal information. Individuals must be able to acquire information about an organization’s policies and practices without unreasonable effort.

Report of Findings

Complaint under the Personal Information Protection and Electronic Documents Act (the “Act”)

1. The complainants alleged that PositiveSingles.com (“Positive Singles”), a website operated by SuccessfulMatch Inc. (“SuccessfulMatch”), had disclosed their personal information without their knowledge and consent. After becoming members of Positive Singles, they discovered their profiles on other dating websites.

Summary of Investigation

2. Positive Singles is an online dating website aimed at individuals with sexually transmitted diseases (“STDs”). Positive Singles’ parent company, SuccessfulMatch, is incorporated in California. However, both Positive Singles and the website for SuccessfulMatch, SuccessfulMatch.com, list a Toronto, Ontario address and telephone number. On the Positive Singles homepage, it claims to be “The best, largest, completely anonymous and most trusted online dating site for people with Herpes, HPV, HIV/AIDS, Hepatitis, Chlamydia, Gonorrhea, Syphilis and other STDs in the world.” While individuals may become a member of the website at no cost, different levels of service on the website are available to members for a fee.

3. The complainants claim that they are all members of Positive Singles. When setting up their online profiles on the website, they provided sensitive personal information about themselves, alleging that they were made to believe that the information would be protected. They state that they were made comfortable in posting their personal profiles on the website by the statement on Positive Singles’ homepage indicating that the website does not “disclose, sell or rent any personally identifiable information to any third party organizations.”

4. However, they assert that they were later “devastated” and “embarrassed” when they discovered that their profile pictures and certain medical information which they had provided Positive Singles, as well as other highly personal information from their online profiles, also began appearing on many other dating websites. For example, they noticed that their entire profiles appeared on such websites as AIDSCase.com and SyphilisDating.com despite the fact that their own medical conditions do not at all correspond to the specific STDs and demographics that these other websites appear to be targeting. The complainants stated to this Office that they would never have registered themselves as members on those other sites and that they do not believe it appropriate for their profiles to be populating these sites as their personal situations were not accurately portrayed.

5. For example, one of the complainants provided evidence to this Office that her personal profile appeared on 57 other websites, some of which claim specifically to exist as a network for members who portray themselves as “gay”, “black” or “male”, or having HIV, AIDS or Hepatitis, or seeking “hook-ups” ─ descriptors that she claims do not correspond with the profile that she had posted on Positive Singles.

6. The complainants contend that they had not consented to their personal information appearing on the other sites, they had never been given an opt-out option by Positive Singles, nor had they ever been informed that the other sites existed.

7. Moreover, the complainants claim that when they realized how their information had been shared with other sites, they asked Positive Singles on numerous occasions to remove their personal information from those sites. The website did not comply.

8. Consequently, they filed this complaint against SuccessfulMatch and Positive Singles, which we accepted on July 18, 2011.

SuccessfulMatch’s website structure and business model

9. During our investigation, we examined SuccessfulMatch’s various websites and business model.

10. In addition to Positive Singles, SuccessfulMatch operates a website entitled “SuccessfulMatch.com”. SuccessfulMatch.com is not itself a dating site where individuals seeking matches can register, but rather a site for potential Web entrepreneurs who wish to obtain information to set up “affiliate” websites with SuccessfulMatch (the concept of an “affiliate” website is explained further below). SuccessfulMatch.com explains the commercial aspect of SuccessfulMatch’s operations to these potential entrepreneurs.

11. For its part, Positive Singles is a dating site owned by SuccessfulMatch where individuals seeking matches may register and create a personal profile, as the complainants did in this case. In addition to Positive Singles, there are several other dating sites within SuccessfulMatch’s operations, which are focused on different demographics. [Footnote 1] For each of its dating sites, there is a main network website and a number of “affiliate” sites that are connected to the main network site. For the Positive Singles network, “PositiveSingles.com” is the main site and membership database in the network.

12. Under each main network site, another tier of websites exists.  These sites are numerous and are described by SuccessfulMatch as “affiliate” (or “private label” or “partner”) sites within a given network.

13. The purpose of the affiliate sites is to help increase membership in the dating network. In other words, SuccessfulMatch is using affiliate marketing to increase traffic to its dating network sites, including Positive Singles. When an independent third party signs up to be an affiliate of SuccessfulMatch, it is required to purchase a domain name. The domain name chosen would generally be related to the particular network the affiliate wished to promote. To promote Positive Singles for example, an affiliate could choose an STD-related name such as www.STD-X-Dating.com.

14. SuccessfulMatch then sets up an affiliate website to that domain, hosts the site and is responsible for activities related to the site including the dating software, membership database, payment processing and customer support. SuccessfulMatch advised our Office that the affiliate websites are not independent sites but rather they are “extensions” of the main network sites and are used as “doors” to the same community.

15. For the Positive Singles network, we noted that many of its websites (i.e., the main site and all the affiliate sites) have a common layout and appearance. Many pages are differentiated only by their specific textual content, personal photographs posted, and their background colours.

16. The affiliate is responsible for the marketing of its domain name — i.e. www.STD-X-Dating.com. Currently, when someone goes to that URL and its associated website and wants to join as a member they are then automatically directed to the main network site URL — PositiveSingles.com. The affiliate is subsequently paid for this action and receives a commission for each profile which is set up on Positive Singles via its domain name.

17. SuccessfulMatch informed our Office that the affiliate is at no time able to access or control any information in the network, including profile or member information, either on the affiliate site related to its domain or the main network site. It advised that the only page an affiliate is able to view is the home page of its domain. Our investigation did not reveal evidence that was contrary to this position.

18. We noted that in the SuccessfulMatch Terms of Service, to which a potential affiliate is required to agree prior to joining, it states:

“To protect our customer privacy, the names or other personal information about specific customers will not be provided to you but shall be retained exclusively by us. In addition, all personal information about specific customers collected by us shall be owned solely and exclusively by us. You agree that your role as a Private Label Dating Partner is limited to referring prospective customers to us, and you agree not to represent that you are collecting information for PositiveSingles.com.”

19. It also states:

“We grant to you a royalty-free, non-exclusive, non-transferable license, during the term of this Agreement, to include our Intellectual Property solely in connection with a hyperlink to our Web site.” [Footnote 2]

20. The affiliate therefore owns its domain name but does not have control of the affiliate website associated with that domain — SuccessfulMatch maintains control of the affiliate websites.

21. The terms “affiliate marketing”, “affiliate website” and “affiliate”, as used in this Report, are specific to the matter at hand and this specific situation and are not intended to be a broad definition outside the scope of this complaint.

22. It is apparent from the textual content and the names of the websites affiliated with the Positive Singles network that each targets much more specific STD populations than does Positive Singles (e.g., gaypozdating.com, havehiv.com, genitalwartswomen.com). In contrast, Positive Singles solicits individuals falling within a wider range of STDs and demographics.

23. Despite being the main network site and membership database, Positive Singles looks like a stand-alone dating website and it appears to operate as such.  It does not convey the general impression to prospective subscribers that it is a main website for a large network of separate affiliate sites that populate a single all-encompassing database nor does it explain the main site-affiliate site relationship.  With respect to the affiliate sites, they indicate only that they are “powered by PositiveSingles.com” without explaining their relationship to the Positive Singles main site.

24. Even if members were aware of the existence of these affiliate sites, we observed that it is not possible for a potential member of Positive Singles to determine how many affiliate sites are associated with Positive Singles. SuccessfulMatch advised this Office that it could not provide us with a list of all the affiliate sites since their numbers changed daily. We found a partial list of affiliate sites on the Positive Singles “Build your STD dating site/affiliate” homepage. We also found hundreds of Positive-Singles-affiliated websites from our search results using the term “powered by positivesingles.com” in a well-known Internet search engine.

25. The complainants had requested that their profiles not appear as part of the Positive Singles network. SuccessfulMatch advised this Office that members cannot opt out of the affiliated sites since they and Positive Singles all share one single database. Our investigation confirmed this.

26. It should be noted that certain notices to members accessing their personal profiles on Positive Singles network sites have been appearing in a different format than when our investigation first commenced, and after the respondent was notified of this complaint. Initially, when a member logged into a Positive Singles affiliate site, there was no clear indication that the site was affiliated with Positive Singles. Member profiles were displayed as if the affiliate site was a stand-alone dating network. Now, when a member logs in to an affiliate site, the member is immediately presented with a pop-up box indicating that the affiliate site is managed and supported by Positive Singles.

27. When they click on the pop-up box button (the only option available), the member is re-directed to Positive Singles, the network’s main site. This change, however, only affects users who log in through an affiliate site. It does not inform members, such as the complainants, who log in through the main PositiveSingles.com site about the existence of affiliate sites or their relationship to PositiveSingles.com. Further, given the vague nature of the messaging in the pop-up box, it is unlikely that a user who logs in through an affiliate site would understand the profile sharing implications based on this information alone.

Informing Positive Singles members about personal information protection

28. Our review of the Positive Singles website revealed what members are informed of relating to the protection of their personal information.

29. We first observed that the following information and assurances are stated on the website’s homepage:

100% Anonymous, Private, Safe & Comfortable
...
The best, largest, completely anonymous and most trusted online dating site for people with Herpes, HPV, HIV / AIDS, Hepatitis, Chlamydia, Gonorrhea, Syphilis and other STDs in the world.
...
We care about your privacy more than other sites, so you are not required to submit any information you are not comfortable with. All your personal information can be private and anonymous until you want to take things further. Everyone with an STD can join us regardless of race, religion, sexual orientation or gender. Never feel lonely again!  
[Original text bolding]

30. We also observed on the homepage a button labelled “How we protect your privacy.” When it is selected, the following privacy information and assurances are given:

Your safety, anonymity, and the preservation of any information you deem to be confidential is of the utmost importance to us. We've spent, and continue to spend, a substantial amount of time ensuring PS is private.

  • "Quick Exit" button — it redirects you to another site quickly to ensure your privacy. You don't have to close the entire window if someone walks by while you are on PS.
  • Privacy Settings — ensures your profile will not be available to certain members.
  • We've blocked search engines and non-logged in members from seeing your profile.
  • We will never sell your profile to any third party entity like many other sites do.
  • All features on the site are owned and developed by PS independently. We'll never install any third party apps and / or services on PS.
  • Upcoming feature, 'Private Album' will allow you to store your photos to share with someone if you'd like them to see it.
  • PS is a private, exclusive community for people living with STDs. We do not allow profiles that are not part of the community. If you find a user that is not living with an STD, please contact us so that we can remove their profile.

31. Next, the "join for free" button located on the website’s homepage links to the first registration page. At the top of the first registration page, it states the following: "We do not disclose, sell or rent any personally identifiable information to any third party organizations."

32. We observed that to sign up, the prospective member must provide the following personal information at a minimum:

  1. first name;
  2. email address;
  3. age;
  4. ethnicity;
  5. other physical attributes (height, eye colour, hair colour, etc.); and
  6. a narrative about who the user is and what they are looking for in a match.

33. To continue, registrants must agree to the terms and conditions of both the Service Agreement and Privacy Policy by checking a box. The respondent asserted that, via these two documents, members are informed about how their information will be shared with the affiliated sites. There are links to these documents (via FAQs) at the bottom of the page.

34. We examined the document entitled Service Agreement and noted that it states the following under Section 3:

3. PROFILE SHARING AND DISTRIBUTION

To expand the availability of profiles on SuccessfulMatch sites, profiles may be shared with other sites within the SuccessfulMatch Network. By posting or maintaining a profile on this or any other SuccessfulMatch Network site, you agree and consent that said profile shall be subject to placement on other SuccessfulMatch Network sites, at the discretion of SuccessfulMatch, without further notice.

35. Under Section 4, the Service Agreement states the following:

4. CONTENT POSTED BY YOU

...that any and all information posted in or on the SM.com Site or any other Site owned by SM.com will be used in furtherance of the services SM.com offers. The information will not be disclosed knowingly or willfully to any third party without your authorization as described in detail in the SM.com Privacy Policy, except as may otherwise be permissible by this Agreement and required by the Services offered by SM.com ....

36. We also examined the Privacy Policy and noted that it states the following:

How We Use Personal Information

We use your email address and your other personal information to help us efficiently operate the Site, to contact you in connection with your membership and other activities on the Site (including, but not limited to, confirmation emails or important news that could affect your relationship with SM.com), and to forward messages to you from other SM.com users. These types of communications are known as "Operational Communications."

To operate the Site, we may share your personal information with our agents, representatives, contractors and service providers so they can provide us with support services such as authorization of credit card transactions, email origination, receipt or support services, and customer relationship management services. We require these entities not to use your information for any other purpose.

37. The Privacy Policy also states that it,

...only applies to transactions and activities in which you engage, and data gathered, on the SM.com website ... but does not apply to any other website ... that we do not control.
...
... [W]hen you ... visit other websites, (regardless of whether or not they contain our brand names, trademarks or other intellectual property), we do NOT control these other websites or these other websites’ business practices, and that this privacy policy does not apply to these other websites.

Safeguarding

38. One of the complainants provided evidence that when she performed an Internet search for her Positive Singles user name, the search returned links to her blogs on Positive Singles, which were accessible without being logged on to the Site. As a consequence, she and the other complainants were concerned how Positive Singles was safeguarding their personal information online.

Cookies

39. Our investigation also examined Positive Singles’ use of cookies on its site. Cookies can be used to track what an individual does on the web for advertising purposes, including: the websites visited, what is viewed on a particular site, how long is spent viewing a particular part of a site, offers taken up, etc.

Preliminary report of investigation

40. On October 25, 2012, our Office issued a preliminary report of investigation to Positive Singles in which we examined the issues raised in the complaint and requested that Positive Singles respond to our recommendations. What follows is the result of our analysis of the evidence obtained during our investigation.

Application

41. In making our determinations, we applied Principles 4.3, 4.3.2, 4.3.5, 4.3.6, 4.7, 4.7.1, 4.8 and 4.8.1 from Schedule 1 of the Act.

42. Principle 4.3 states that the knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.

43. Principle 4.3.2 highlights that knowledge is required as well as consent and states that organizations must make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. It further stipulates that, for consent to be meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.

44. Principle 4.3.5 states that in obtaining consent, the reasonable expectations of the individual are also relevant.

45. Principle 4.3.6 states in part that the way in which an organization seeks consent may vary, depending on the circumstances and the type of information collected. An organization should generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive.

46. Principle 4.7 states that personal information must be protected by security safeguards appropriate to the sensitivity of the information.

47. Principle 4.7.1 states in part that the security safeguards must protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.

48. Principle 4.8 states that an organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

49. Principle 4.8.1 states that organizations shall be open about their policies and practices with respect to the management of personal information. Individuals shall be able to acquire information about an organization's policies and practices without unreasonable effort. This information shall be made available in a form that is generally understandable.

Findings

50. The complainants alleged that Positive Singles disclosed their personal information to third party websites and provided evidence that their Positive Singles profiles appeared under various other domains. Although the domain names of the affiliate sites are owned by third parties, the affiliates do not collect any information nor do they have access or control over the affiliate site associated with their domain name. Positive Singles collects the information and maintains care and control of the affiliate websites, which act as “doors” to the Positive Singles database; there was no evidence to suggest otherwise.

51. Our investigation therefore established that Positive Singles did not disclose the information to an outside third party but rather used the information coming through the third party affiliate sites and the Positive Singles site to propagate a single all-encompassing database within the Positive Singles affiliate network. As such, our investigation focused on whether Positive Singles obtained adequate consent for the use of the complainants’ information in this manner, if the information was sufficiently safeguarded, and the use of cookies on the site.

Consent and Openness

Knowledge and consent – Principles 4.3, 4.3.2 and 4.3.5
Openness – Principles 4.8 and 4.8.1

52. Under the rubric of consent and openness, we observed contradictions between the information about use and disclosure found in the Service Agreement and the reassuring privacy and confidentiality claims readily available on Positive Singles’ homepage. This noticeable discrepancy begs the question of how the reasonable expectations of new members, when providing their consent, compare with SuccessfulMatch’s actual policies and practices involving those members’ personal information. Given the position and highly sensitive condition of those likely to be interested in joining Positive Singles, privacy is a consideration of paramount importance. In this regard, we note that Principle 4.3.5 of the Act provides that, in obtaining consent, the reasonable expectations of the individual are relevant. We also note that Principle 4.8.1 provides that organizations shall be open about their policies and practices, individuals shall be able to acquire information about an organization's policies and practices without unreasonable effort, and that this information shall be made available in a form that is generally understandable.

53. For example, information linked to the coloured button labelled “How we protect your privacy” found at the top of the Positive Singles homepage appears to provide unqualified assurances of privacy. It uses language that projects a genuine concern on the part of the organization to respect the confidentiality of its members: e.g., “PS is a private, exclusive community for people living with STDs”; and “Your safety, anonymity, and the preservation of any information you deem to be confidential is of the utmost importance to us. We’ve spent, and continue to spend, a substantial amount of time ensuring PS [Positive Singles] is private.”

54. Given the prominence and positioning of the above noted privacy assurances, it is our Office’s view that a user could also easily interpret this as being the Privacy Policy for the site when essentially Positive Singles is using it as a marketing tool directed towards a cohort of prospective members who by the nature of their medical condition, would place a high value on privacy as a material consideration in deciding whether or not to become a member.

55. Contrarily, the actual Privacy Policy and Service Agreement, which must be read in tandem to appreciate all potential privacy implications, are found as small font hyperlinks at the bottom of the home page and the “How we protect your privacy” page.

56. Further, since Positive Singles appears, and is presented as, a stand-alone site, a prospective member not having an understanding of SuccessfulMatch’s network structure or its business model would not be able to know that their profiles are used as part of a greater network of affiliate sites, populating one all-encompassing database.

57. Overall, we believe that the Positive Singles homepage appears very sensitive to, and respectful of, a vulnerable sector of the population’s need for privacy. The outwardly caring attitude projected by Positive Singles thereby creates the reasonable expectation of enhanced protection of its members’ sensitive personal information. Overt claims of privacy, however, belie the reality that member personal information will in fact be used by SuccessfulMatch to propagate its database with its unknown, and unlimited, affiliate websites. In other words, a network of websites that change daily and of which Positive Singles members have no knowledge.

58. The respondent has submitted that its website documents, the Privacy Policy and Service Agreement, inform new members at initial registration about how their personal information will be used by the affiliate sites. According to the respondent, consent is thus obtained when these individuals check the box indicating that they have read and agreed to these documents.

59. The Privacy Policy’s statement that it "... only applies to transactions and activities in which you engage, and data gathered, on the SM.com website ... but does not apply to any other website ... that we do not control" is so devoid of contextual information that a prospective new member would not understand what they are agreeing to nor the specific impact on the use and disclosure of their personal information. Further, the parameters are so ill-defined that, from that statement, it is impossible to know which websites among the millions that exist on the Internet are within SuccessfulMatch’s control and which ones are not.

60. Similarly, there is a lack of clarity in the Privacy Policy’s statement that "... when you ... visit these other websites, (regardless of whether or not they contain our brand names, trademarks and other intellectual property), we do NOT control these other websites or these other websites' business practices, and that this privacy policy does not apply to these other websites ...." Here, individuals are informed in a general way that there exist websites that the Privacy Policy protects (and also many similarly looking ones that it does not), but individuals are not advised how to differentiate amongst them so that they could make the right choices to protect their privacy. The Privacy Policy is thus informing individuals in a general way that they should beware, but not exactly of what.

61. Additionally, the Privacy Policy patently does not inform about key matters, such as SuccessfulMatch’s network structure or the role of affiliate websites, nor the major impact these elements have on the privacy of members. These are matters that would be material to a prospective user’s assessment of privacy levels and that may influence their decision to join the Site. Therefore, with regard to the Privacy Policy, our review of it revealed that it does not adequately advise of, or even refer to, the possibility of propagating member personal information and profiles across SuccessfulMatch websites.

62. As for the Service Agreement, registrants must also agree to its contents before becoming members of Positive Singles. Our review of this document revealed that while it does make reference to the “sharing” of profiles with other SuccessfulMatch network sites under its Section 3 (“To expand the availability of profiles on SuccessfulMatch sites, profiles may be shared with other sites within the SuccessfulMatch Network”), there is no contextual information given about what SuccessfulMatch is in the first place, what constitutes its network or how it is organized. An individual who has happened upon only the stand-alone Positive Singles site and decided to join that one would not know about the commercial relationship between SuccessfulMatch, Positive Singles, affiliate sites or their respective roles.

63. Section 3 also states that “profiles may be shared with other sites” (our italics), even though our investigation revealed that a member’s profile is automatically available through the network once it is created. Furthermore, “other sites” is confusing since it is not clear if the “other sites” are within the one network the member joined or within the various networks as operated by SuccessfulMatch.

64. Additionally, it concerns us that there is no list or directory of the “other sites” that individuals may consult before consenting to SuccessfulMatch’s use of their personal profile information. We learned that the number of “other sites” is unlimited and varies on a daily basis, as it is driven by the thrust of entrepreneur-owners setting up new affiliate sites or closing existing ones. The variety of sites and demographic spectrum for which personal information may be used are apparently uncontrolled and unlimited, the only apparent common denominator across the panoply of SuccessfulMatch-associated websites being an interest in social networking (including dating/matching, support groups, etc.).

65. While Section 4 of the Service Agreement states that information posted on any site owned by SM.com “will be used in furtherance of the services SM.com offers”, there is no information to explain the commercial relationship between SuccessfulMatch (SM.com), Positive Singles and affiliate sites. Consent obtained based on such a statement could not be considered to be meaningful under Principle 4.3.2 since SuccessfulMatch’s role is not made clear to potential members who must register and belong to a main network site or else an affiliate site ─ the only websites that offer actual matching services. The lack of clarity and openness also fails to uphold Principles 4.8 and 4.8.1.

66. Further, the statement from Section 4 that “information will not be disclosed knowingly or willfully to any third party without your authorization as described in detail in the SM.com Privacy Policy, except as may otherwise be permissible by this Agreement and required by the Services offered by SM.com” does not provide enough description for an individual to reasonably understand how their personal information will be disclosed. The statement’s reasoning appears to follow a circular path back onto itself and to concepts and uses which are not defined, as well as referring to explanatory “details” in the Privacy Policy that we find do not exist. Again, any consent obtained via such means cannot be considered to be meaningful under Principle 4.3.2. The lack of clarity and openness of the information conveyed also fails to uphold Principles 4.8 and 4.8.1.

67. Finally, as noted above, the muted positioning of the Privacy Policy and Service Agreement links, juxtaposed against the prominence and positioning of the “How we protect your privacy” page, further serves to confuse and impede the prospective member from locating and comprehending all relevant privacy implications in joining the Positive Singles Network. 

68. Thus, because of the Privacy Policy’s and the Service Agreement’s lack of detail and clarity, and relative prominence, neither the consent principle under 4.3 nor the openness principles under 4.8 and 4.8.1 are being upheld. In our view, it is not possible for an individual to reasonably understand from information in these documents how their personal information could be used or disclosed. Consent obtained from these documents cannot be considered to be meaningful.

Safeguarding

69. The complainants asserted that it is possible for Positive Singles’ members’ profiles or nicknames to show up on blog posts in the cache of a well-known Internet search engine, despite the claim that access to the Site and its contents is restricted to registered members. Principle 4.7 states that personal information must be protected by security safeguards appropriate to the sensitivity of the information. Principle 4.7.1 states in part that the security safeguards must protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.

70. Certain medical information about members of Positive Singles constitutes highly sensitive personal information. Individuals who can be identified from it ─ or even associated with it ─ run the very real risk of social stigmatization and long-term emotional and reputational damage.

71. For this reason, the security safeguards used to protect it must be of a very high level. However, the complainants’ evidence that some members’ personal information could be accessed by non-members (i.e., unauthorized access) via simple searches on a common search engine suggested that proper safeguards were not in place. For these reasons, Principles 4.7 and 4.7.1 were contravened. That being said, we observed more recently that member profiles or nicknames did not appear in blog posts of the Internet search engine’s cache. Thus, it appears that there may have been efforts to address this issue.

Use of Cookies

72. Positive Singles’ Privacy Policy provides basic details about its use of cookies and how an individual can disable the function. The policy states:

Cookies
Cookie files saved to your computer are used for record keeping purposes on some sites, including SM.com. We can also use cookies to deliver content specific to your interests, to save your password, and if you choose, to save other personal and financial information, so you do not have to re-enter it each time you visit the Site. Third party advertisers on the Site may also place or read cookies on your browser. To disable these cookies, simply go to the "help" portion of the toolbar on your browser and this should tell you how. However, if you set your browser to disable cookies, you may not be able to access certain areas on the Site. (emphasis added)

73. We note that the Privacy Policy does not state the type of cookies that are used on the Site (e.g., session, first-party, third-party, flash or super-cookies), why such cookies must be enabled to access the website’s functions or whether the sharing of personal information is involved and the extent of any sharing that takes place.

74. Our testing reviewed the cookies present in traffic emanating from Positive Singles. We noted the presence of cookies placed by a web analytic service as well as sites that allow for the integration of social plug-ins. Despite the fact that the Privacy Policy indicates that third-party advertisers may place or read cookies on the browsers of users, it is unclear from our testing whether this practice is indeed taking place.

75. In accordance with Principle 4.3.2 and this Office’s Policy Position on Online Behavioral Advertising, meaningful consent is required for Online Behavioral Advertising (“OBA”). Principle 4.3.6 indicates the way in which an organization seeks consent may vary, depending on the circumstances and type of information collected. An organization should generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive.

76. Our Office’s OBA guidelines state that implied or opt-out consent for tracking and targeting individuals for behavioral advertising purposes may be acceptable provided that certain parameters are in place. One parameter is that the information collected and used is limited, to the extent practicable, to non-sensitive information (avoiding sensitive information such as medical or health information).

77. Medical information is one of the most sensitive forms of personal information and it is clear that Positive Singles specifically targets individuals and members who have certain, highly sensitive, medical conditions. If indeed SuccessfulMatch is engaging in OBA, as alluded to in its Privacy Policy, then SuccessfulMatch must ensure it obtains the express (opt-in) consent of individuals for this practice. Further, if SuccessfulMatch is engaged in OBA, depending on the arrangement, this could also potentially contradict the “privacy assurance” as cited on the Positive Singles “How we protect your privacy” page, which states that “We will never sell your profile to any third party entity like many other sites do.”

Recommended actions

78. In our preliminary report of investigation, we recommended that SuccessfulMatch do the following:

  1. Make it prominent, clear, explicit and unambiguous to members at registration and on the Positive Singles homepage that their profile information will be included in a database which will be accessed by websites targeting specific and demographically and medically diverse populations across the Positive Singles network and that members will not be able to specifically know which sites those are, nor will they be able to remove their profiles from them;
  2. Simplify, make prominent and make clear the wording of its Privacy Policy with respect to how information is used by SuccessfulMatch through its affiliate sites;
  3. Make clear, prominent and explicit to users the relationship between SuccessfulMatch.com and PositiveSingles.com;
  4. Make clear, prominent and explicit to users the difference between “third party” sites and “affiliate” sites;
  5. Provide this Office with detailed information on how members’ information is safeguarded on PositiveSingles.com, including any technical measures and protocols used to prevent hacking and non-registered individuals from viewing personal information (e.g., via search engines) published on Positive Singles and its affiliate sites. We also asked SuccessfulMatch to explain to this Office the safeguarding implications of any operational changes made to the website since the complainants made their complaint; and
  6. Provide this Office with detailed information on the purposes for the use of cookies on Positive Singles and specifically whether these cookies are used for online behavioral advertising. If SuccessfulMatch does allow third-party advertisers to engage in behavioral advertising on the website, it must provide individuals with the opportunity to provide their express and informed consent to this practice.

79. We asked that we receive, within 30 days of the date of our report of investigation, SuccessfulMatch’s response in writing, outlining how it intended to implement the recommendations. In the report, we also advised that upon receipt of the requested information, or at the end of the 30-day time period, we would issue our findings.

Response from SuccessfulMatch

80. Several responses to our recommendations ultimately led to changes in the Positive Singles website.

81. With respect to our first recommendation, SuccessfulMatch made upfront changes to the registration and home pages of the website, to the section “How we protect your privacy”, as well as to the Privacy Policy and the Service Agreement. These changes indicate to the reader, including at the decision point of registration, that all profiles created on PositiveSingles.com will be viewable by users of other (affiliate) websites on the Positive Singles network.

82. Regarding our second recommendation (i.e., to simplify and clarify the Privacy Policy), a new paragraph explains (i) what an affiliate site is; (ii) affiliate site ownership; and (iii) how such a site relates to Positive Singles and to SuccessfulMatch. In addition, certain terminology has been clarified: (i) the “service” is no longer referred to as the “site service”; (ii) Positive Singles is referred to as “the site”; and (iii) a definition of the term “affiliate site” is provided in the Privacy Policy. SuccessfulMatch also confirmed to our Office that it does not share profile information between its networks and amended the wording in its Service Agreement to reflect the same.

83. In response to our third recommendation, (i.e., seeking clarity about the relationship between SuccessfulMatch.com and PositiveSingles.com), SuccessfulMatch now explains in its Privacy Policy that “....this site is part of the SuccessfulMatch family of businesses which ...includes many other websites.....”. In addition, information was placed on the Registration and Home page stating that Positive Singles is owned and operated by SuccessfulMatch.com with a hyperlink to the SuccessfulMatch site.

84. In the Privacy Policy for Positive Singles, SuccessfulMatch made clear, prominent and explicit the difference between “third party” sites and “affiliate” sites, thereby implementing our fourth recommendation.

85. Responding to our fifth recommendation, SuccessfulMatch informed us of the various safeguarding measures that it uses to protect members’ personal information, including with respect to preventing user data from being accessible to search engines. These include password verification, monitoring of user log data, firewalls and encryption.

86. Lastly, SuccessfulMatch amended its Privacy Policy to more clearly explain the purposes for which it uses cookies. In particular, the Privacy Policy no longer refers to the use of cookies by third-party advertisers. SuccessfulMatch informed our Office that it does not permit advertising on its site, does not use cookies for behavioural advertising and does not provide cookie information to advertisers.

Conclusion

87. Accordingly, the complaint is well-founded and resolved.

88. We wish to commend the complainants for raising this important issue with our Office. The resulting investigation led to SuccessfulMatch implementing important changes to its Positive Singles site. This greater transparency will allow users to make more informed decisions before consenting to the use of their personal information on the Positive Singles network of sites, and as a consequence, place them in greater control of their online reputation.
