Grindr is sharing users' sexual orientation and location data, says study

Enlarge this image

Enlarge this image

He's become even more active since GDPR kicked in, filing privacy complaints against companies including Inc. and Netflix Inc., accusing them of breaching the bloc's strict data protection rules.

Match Group Inc.'s popular dating apps OkCupid and Tinder share data with each other and other brands owned by the company, the research found. OkCupid gave information pertaining to customers' sexuality, drug use and political views to the analytics company Braze Inc., the organization said.

The leaked data includes information that could indicate the users' sexual preferences and behavior, as well as other details like age, gender, birthdays, location data, IP address and ID numbers associated with smartphones, which can be traced back to an individual.

"Congress should use the findings of the report as a road map for a new law that ensures that such flagrant violations of privacy found in the European Union are not acceptable in the USA", the groups said in a statement. Industry calls it adtech. "We need to regulate it now, before it's too late". This Twitter-owned go-between for personal data is controlled by a firm called MoPub.

Every app in the study shared data with third parties, including personal attributes such as gender and age, advertising IDs, IP addresses, Global Positioning System locations, and users' behavior.

"These practices are both highly problematic from an ethical perspective, and are rife with privacy violations and breaches of European law", said Finn Myrstad, the director of digital policy at the NCC in a press release (Via Consumer Reports).

The U.S. doesn't have a national privacy law equivalent to the GDPR, but California residents may have new rights that could be used prevent some of the practices outlined by the NCC, thanks to the California Consumer Privacy Act, which went into effect January 1. If tech companies do not comply, the law permits the user to sue. In 2018, the dating app announced it would stop sharing users' HIV status with companies following a report in BuzzFeed exposing the practice, leading AIDS advocates to raise questions about health, safety and personal privacy.

Are they violating privacy laws?

After the report was made public, first reported in The New York Times, Twitter said it would investigate how Grindr obtained permission from users to share their data, which is at the heart of the complaint.

A representative from Twitter told Bloomberg the company is working to "understand the sufficiency of Grindr's consent mechanism" and in the meantime has disabled Grindr's MoPub account.

The Match Group, the company that owns OKCupid and Tinder, said in a statement that privacy was at the core of its business, saying it only shares information to third parties that comply with applicable laws.

For example, Grindr's privacy policy says its advertising partners "may also collect information directly from you". But even if the policies are studied, the Norwegian researchers say the legalese-filled documents sometimes do not provide a complete picture of what is happening with a person's personal information.

The law does not clearly lay out what counts as selling data, "and that has produced anarchy among businesses in California, with each one possibly interpreting it differently", said Eric Goldman, a Santa Clara University School of Law professor who co-directs the school's High Tech Law Institute.

"The extent of tracking makes it impossible for us to make informed choices about how our personal data is collected, shared and used".

Latest News