FTC doubles down on case‑by‑case privacy

The FTC filed a proposed settlement in federal court on March 30, 2026, after enforcing a Civil Investigative Demand to obtain documents in its probe. (ftc.gov) The agency’s complaint alleges OkCupid gave an unrelated third party access to nearly three million user photos plus location and demographic data beginning in September 2014. (ftc.gov) Multiple reporting outlets identify the data recipient as Clarifai, a computer‑vision/facial‑recognition firm in which OkCupid founders had personal investments. (biometricupdate.com) The settlement, as reported, carries no consumer monetary payment but imposes injunctions barring future misrepresentations about data practices and requires long‑running compliance reporting. (arstechnica.com) Industry analysts characterize the FTC order as a multi‑decade enforcement posture for undisclosed AI training‑data deals, with published coverage noting proposed 20‑year privacy restrictions and 10‑year reporting obligations in the draft relief. (cybernews.com) FTC Commissioner Mark Meador emphasized a “case‑by‑case” enforcement approach at the IAPP Global Summit, and the OkCupid action was highlighted by regulators as an example of that posture applied to AI training datasets. (prod.iapp.org) Court records and reporting show the FTC’s inquiry stretched back years — including a Civil Investigative Demand and a 2022 petition to enforce it — signaling the agency will litigate to obtain evidence in legacy third‑party data arrangements. (hoodline.com)