The real value in many online businesses is consumer data. However, that data carries the risk of being exposed by hackers and misused by legitimate businesses.
That’s why the IPO for Match Group (MTCH) raised my eyebrows, and why I’m concerned that there are significant questions surrounding the usage of that data that could materially harm Match.com.
Here’s the issue: IAC/InterActiveCorp (IACI), which I’ve written about favorably for years, spun off Match.com on Nov.19, and lumped in student admissions test prep company The Princeton Review as well as Tutor.com with the suite of online dating/hookup sites.
Lumping them together makes no sense as far as business is concerned because one has nothing to do with the other, and the education business is a money loser.
The only reason to put them together is because IACI and MTCH see data synergies between the demographics of each site’s users — young people.
Match.com Says It Doesn’t Mix Data
According to SEC filings, Match said the education businesses, “relies on many of the same competencies as those relied upon by our Dating business, such as paid customer acquisition, a combination of paid and free business models, a deep understanding of the lifetime values of customers and a strong expertise in user-interface development.”
Therein lies the problem. It raises significant questions about data mining and sharing — questions I posed to the company:
“Why are two education services mixed with online dating/hookup sites whose core competency is mining personal data for marketing? Do parents know that the education entities being used by young people are owned by a group of dating/hookup sites? Is there cross-promotion or data sharing between the education and dating businesses? If not, what barriers are in place to ensure that information is not shared? Are there privacy and data walls between the businesses?”
Jennifer Kohn, SVP of Communications at The Princeton Review replied:
“The Princeton Review has a strict privacy policy around the data collected from students. All of our data is stored and managed completely independently of any other Match company. Match businesses have no access to our data and The Princeton Review has no access to Match data.”
That sounds like a definitive answer, but is it really? Not enough to dissuade me of my concerns, after speaking with privacy consultant and attorney Tim Sparapani, Founder of SPQR Strategies, former Director of Public Policy at Facebook (FB) and former Senior Legislative Counsel at the ACLU.
“The amazing thing about the United States is there exists no broad cross-sectoral consumer privacy law. The law is silent. It is only when a company makes a public promise as to how it will handle privacy and data that it can be legally held to that promise,” he said.
In short, a company can do whatever it wants with data collection and privacy, as long as it doesn’t do something other than what it says it will do – even if it is unexpected to consumers. So most don’t say anything.
If the company deviates from its statement, the FTC can consider it a deceptive or unfair trade practice and issue an enforcement act. Additionally, 47 states allow their respective Attorney Generals to do the same thing on a state level.
It’s unclear if Ms. Kohn’s statement is thus a legal promise or not. If not, then Match.com can do anything it wants with the data. “It’s the wild west,” says Mr. Sparapani.
Other Privacy Issues for Match.com
There are massive self-admitted security issues. Match.com admits in its SEC filings that they are constantly under hacker attack, and that data risks extend to third-party vendors that have personal data on their servers, as well. Just look at what happened to the Ashley Madison site last year — no, Ashley Madison isn’t part of Match Group, but the risks are the same.
We’ve already learned that OKCupid, a part of the Match.com, provides information to marketing partners. The author of the linked study mentions several uncomfortable implications regarding such information “leakage” — “From a legal perspective, identifying information leakage is a debacle.”
Many first-party websites make what would appear to be incorrect, or at minimum misleading, representations about not sharing personal information … we believe there is now overwhelming evidence that third-party web tracking is not anonymous. It is a legitimate policy question whether, on balance, Do Not Track should be enforced by law.
For Investors
Why is this relevant to Match.com investors? I believe overdependence on data sharing as the core business function puts the long-term viability of MTCH stock at risk. All it takes is a crusading regulator or press-hungry law enforcement official to crack down on information sharing that is, by the company’s own admission, the real revenue generator of the business.
Look out for state Attorney Generals, who love to advance political careers on this kind of thing. Maryland’s AG was the lead drafter in a letter from 46 AG’s demanding that the feds allow states to handle data issues.
Mark my words — government crackdown on privacy and data sharing is coming. It could gut Match.com and its ability to cross-promote and share data. You do not want to be in a stock with this kind of risk.
As of this writing, Lawrence Meyers did not hold a position in any of the aforementioned securities.
