FTC resolves OkCupid data controversy without a fine.

      The AI firm acquired photos from OkCupid in 2014 without the users being informed, which constituted a breach of OkCupid’s privacy policy. The settlement reached between the FTC and OkCupid, along with Match Group, in late March did not impose any financial penalties, and Clarifai was not found to have committed any wrongdoing.

      Clarifai, a facial-recognition AI company based in Delaware, has stated that it removed approximately three million photos of OkCupid users, along with the facial-recognition models that had been trained on those images, following the settlement over a privacy breach dating back to 2014. According to a document reviewed by Reuters, Clarifai confirmed to the FTC on April 7, 2026, that it had deleted the relevant models trained on this data and had not shared it with any third parties.

      The incident that triggered this issue occurred more than ten years ago. The founders of OkCupid were investors in Clarifai, and in 2014, Clarifai’s founder Matthew Zeiler reached out to OkCupid co-founder Maxwell Krohn to request access to its data. "We’re collecting data now and just realized that OKCupid must have a HUGE amount of awesome data for this," Zeiler mentioned, as reported in court documents referenced by Reuters.

      OkCupid provided nearly three million user photos, along with associated location and demographic data, without any formal agreement, failing to impose restrictions on data usage, and without notifying users or providing an option to opt out. At that time, OkCupid’s privacy policy clearly stated that it would not share personal data with parties outside of a specified set of business relationships, a category to which Clarifai did not belong.

      The FTC initiated its investigation following a 2019 article in the New York Times, but it took years for the case to reach a resolution. The proposed consent order, announced on March 30, 2026, prohibits OkCupid and Match Group from misrepresenting their data practices for a period of 20 years. However, it does not entail any financial penalties, as the FTC lacks the authority to impose fines for such violations under Section 5 of the FTC Act. Clarifai was not charged with any wrongdoing, having simply received the data through a request rather than initiating the transfer.

      The settlement faced immediate backlash. Representative Trahan, a Democrat from Massachusetts, characterized Clarifai’s confirmation of deletion as “a step in the right direction,” but remarked that “the FTC should have never settled for less in the first place.” This case marks the FTC’s first Section 5 privacy enforcement action under Chair Andrew Ferguson, and legal analysts from Venable observe that, unlike numerous previous FTC privacy consent orders, this one does not mandate ongoing compliance programs or notification obligations for the companies involved.

      The nature of the data in question makes the lack of penalties even more notable. Clarifai’s offerings include facial-recognition systems capable of identifying individuals and analyzing age, race, and gender from images. The company has contracts with the US military and has received funding from Nvidia. Facial-recognition models developed using sensitive social data, such as photos shared on a dating service with an expectation of privacy, present distinct risks compared to models trained on publicly accessible images.

      It remains unclear if those models still exist in any capacity within the AI ecosystem, whether through third-party licensing or derived models; Clarifai did not disclose the duration the models were in use prior to their deletion.