The dating industry has a privacy problem. In June 2025, privacy advocacy group NOYB filed a complaint against Bumble with the Austrian data protection authority. The accusation: The app shares personal user data with OpenAI to generate AI-powered icebreaker messages. Without valid consent.
This affects millions of users. In Germany alone, 1.45 million people use Bumble. And 30% of all Germans have used online dating services at some point.
What Happened?
Bumble's AI feature "Icebreakers" automatically generates conversation starters based on user profiles. The problem: Those profiles contain sensitive data. Sexual orientation. Religious beliefs. Exactly the kind of information that qualifies as "special category personal data" under GDPR and requires special protection.
Lisa Steinfeld, data protection lawyer at NOYB, explains: "Bumble forces its AI features on millions of European users without ever asking them for their consent. Instead, their personal data is being sent to OpenAI and fed into the company's AI systems."
Bumble claims "legitimate interest" as their legal basis. Sounds reasonable at first. It's not. For sensitive data like sexual orientation, that's not enough. Explicit consent is required.
The Bigger Picture
Bumble isn't an isolated case. A Mozilla Foundation study found that 88% of dating apps fail basic privacy standards. 52% experienced data breaches or hacks in the past three years.
German consumer organization Stiftung Warentest reached similar conclusions: Only 5 out of 44 tested dating apps achieve acceptable data protection levels.
No surprise that 78% of dating app users are concerned about their data security. Trust is eroding. For good reason.
What This Means for You
The good news: You have rights. GDPR gives you real tools:
Right of Access (Article 15): You can request a copy of all data a company has stored about you.
Right to Erasure (Article 17): You can demand your data be deleted.
Right to Complain: You can file a complaint with your local data protection authority if you believe a company violated your rights.
The bad news: Most users don't know these rights exist. Or don't use them.
What Happens Next?
The Austrian data protection authority is now reviewing the case. Similar proceedings, like the one against Grindr that resulted in a 7.2 million euro fine in 2021, took years. But the consequences were real.
For Bumble, this could get expensive. GDPR fines can reach up to 4% of global annual revenue.
We'll update this article when there's news.
