Your Privacy Policy Is a Promise: The FTC's OkCupid Action is the Latest Example of What Happens When You Break It

On March 30, 2026, the Federal Trade Commission (FTC) filed a complaint and simultaneously settled with Match Group Americas, LLC and Humor Rainbow, Inc., the corporate entity that owns and operates OkCupid, over a data-sharing arrangement that violated OkCupid's own privacy policy. The case is a precise illustration of how the FTC treats privacy commitments: as binding representations, not aspirational statements.
What Happened
In September 2014, OkCupid's parent entity, Humor Rainbow, gave a third-party facial recognition company called Clarifai, Inc. access to nearly three million OkCupid user photos, along with demographic and location data. OkCupid did not place any restrictions on Clarifai’s use of the data. Clarifai had no business relationship with Humor Rainbow and paid nothing for the data. The transfer happened because OkCupid's founders were personally invested in Clarifai.
The problem wasn't just the disclosure itself. OkCupid's 2014 privacy policy explicitly stated that user data would only be shared with service providers, business partners, or companies within the Match family of businesses, or in response to legal process, and that users would be informed and given an opportunity to opt out before any other sharing occurred. Clarifai fell into none of those categories. Users were never told. And according to the complaint, for over a decade Match and Humor Rainbow actively concealed and denied the transfer, including issuing a statement to the New York Times that the FTC characterizes as having obscured what actually occurred.
The FTC filed a federal complaint alleging that these actions constitute a violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a). Section 5 prohibits unfair or deceptive acts, including misrepresentations or deceptive omissions of material fact. The FTC alleged that OkCupid's actions constituted deceptive acts and, alongside the complaint, filed a settlement with OkCupid prohibiting future misrepresentation in its privacy policies.
What the Settlement Requires
The stipulated order, which remains in effect for 20 years, permanently prohibits the defendants from misrepresenting:
- The extent to which they collect, maintain, use, disclose, delete, or protect user data
- The purposes for which they collect or use that data
- The function of any privacy controls presented to users, including any mechanisms represented as allowing consumers to limit or manage how their data is processed
The order also imposes a 10-year compliance reporting regime, requires defendants to distribute the order to all officers, directors, and employees with responsibilities over consumer-facing privacy representations, and subjects defendants to ongoing FTC monitoring.
Why This Matters Beyond OkCupid
The FTC's theory here is straightforward: a privacy policy is a representation to consumers, and a material deviation from that policy, even one driven by founders' financial interests rather than a formal data monetization strategy, is a deceptive act under Section 5 of the FTC Act. There was no allegation of a data breach or a rogue employee. The transfer was deliberate, internally sanctioned, and then hidden.
That framing applies broadly. Any organization whose actual data-sharing practices diverge from what its privacy policy describes is carrying this risk — regardless of whether the divergence was intentional or the result of an ad tech integration that postdates the last policy update.
What This Means Going Forward
The OkCupid action reinforces a compliance imperative that often gets deferred: privacy policies need to accurately reflect what your organization actually does with data, not what it intended to do when the policy was drafted. Third-party relationships, vendor data flows, and any arrangements driven by relationships outside the formal business context all warrant scrutiny. State laws impose many privacy obligations on companies, but if your privacy policy claims you meet those obligations when your technical or organizational capabilities cannot actually meet them, you are at risk of more than just violating state law. You could risk an FTC Section 5 action as well.
At Rikka, we help organizations audit their privacy representations against their real data practices and structure third-party data arrangements that hold up to regulatory review. Contact us to learn how we can help.

















