When a technology company builds its future on data harvested without consent, accountability can take over a decade to catch up. That’s the lesson from a recent decision by Clarifai, an AI startup that has now deleted three million profile photos scraped from OkCupid in 2014—images used to train facial recognition models that could infer age, gender, and race.
The deletion was confirmed by the company in early April, following a 2024 settlement with the Federal Trade Commission (FTC) and Match Group, OkCupid’s parent company. According to regulatory filings, Clarifai certified the removal of the dataset to the FTC on April 7, and also asserted that any AI models trained on the data had been purged. The company further stated it had not shared the images with external partners, addressing concerns raised during a five-year federal investigation.
A privacy breach uncovered by journalism
The controversy traces back to 2019, when The New York Times revealed that Clarifai had approached OkCupid executives in 2014 to request access to user photos. Internal emails show that co-founder Matthew Zeiler described the dating site as a potential "HUGE amount of awesome data" for training facial recognition systems. OkCupid, despite prohibiting commercial use of profile images in its privacy policy, granted the request.
The AI startup built technology capable of analyzing faces to predict demographic attributes—tools it marketed to businesses and governments. While Zeiler later defended the practice in public statements, arguing that users must "get comfortable" with such data use, the backlash intensified. Reports indicated that Clarifai had earlier accessed unsecured city surveillance footage without authorization, a practice that was halted after scrutiny.
Legal consequences and lingering questions
The FTC’s settlement with Match Group, announced in 2024, permanently bars OkCupid from misrepresenting its data collection or privacy controls. The agreement has drawn criticism from privacy advocates, who argue that the prohibition restates existing federal rules rather than imposing meaningful new restrictions. TechCrunch noted that the penalty effectively reinforces existing standards without adding substantial deterrence.
Clarifai, for its part, avoided direct penalties in the FTC action, though the company’s deletion of the dataset and models appears to resolve the core violation. The startup continues to operate in the AI space, though its past practices have drawn renewed scrutiny over ethical data sourcing.
The road ahead for AI and user trust
This case underscores a growing tension: as AI systems advance, so do the incentives to scrape vast datasets from public and semi-public platforms. While some companies argue that anonymized, aggregated data poses little risk, the OkCupid incident demonstrates how even profile photos—ostensibly shared for dating purposes—can be repurposed without consent.
For platforms like OkCupid, the lesson is clear: strict enforcement of privacy policies is not optional, especially when third parties seek access. For regulators, the challenge remains to balance innovation with accountability, ensuring that companies cannot outsource ethical lapses with impunity. As AI tools grow more sophisticated, the demand for transparency and user control will only intensify—making incidents like this a bellwether for future enforcement.
AI summary
After a 2019 investigation, Clarifai has deleted 3 million OkCupid photos used for facial recognition training. Learn how a decade-old privacy breach led to FTC action.
