Grindr Sets Off Privacy Firestorm After Sharing Users’ H.I.V.-Status Data
Grindr, the social network aimed at gay, bisexual and transgender men, is facing a firestorm of criticism for sharing users’ H.I.V. status, sexual tastes and other intimate personal details with outside software vendors.
The data sharing, made public by European researchers on Saturday and reported by BuzzFeed on Monday, set off an outcry from many users. By Monday night, the company said it would stop sharing H.I.V. data with outside companies.
The criticism of the company continued on Tuesday, with officials in Europe and the United States joining in. A consumer group in Norway filed a formal complaint with the country’s data protection agency, accusing the company of breaching European and Norwegian laws. Two United States senators sent a letter to Grindr’s chief executive, asking whether the app had asked users to opt in before it shared their most personal details with third parties.
In a statement on Monday, the company said that sharing user data with outside companies was a standard industry practice and that Grindr had “policies in place to further protect our users’ privacy from disclosure.”
On Tuesday, in response to questions about the Norwegian group’s accusations, a Grindr spokesman said: “We welcome the questions about our policies and always look for opportunities to improve.”
An increasing number of online users in the United States, along with some members of Congress, are questioning the tech industry’s largely unfettered collection and data-mining of consumers’ personal details. The Grindr controversy also highlights the widening regulatory gap between the United States, which lacks a comprehensive federal consumer privacy law, and Europe, where privacy is viewed as a fundamental human right, with laws to back it up.
Grindr, which is owned by the Kunlun Group, a company based in Hong Kong, has more than 3.6 million active users. The Norwegian Consumer Council, a nonprofit group in Oslo that first raised concerns about the company’s practices, said the dating app had shared users’ H.I.V. status with two software companies, Apptimize and Localytics. Although the app encrypted the H.I.V. status data, the analysis found that Grindr had shared other highly sensitive details — including users’ romantic aims and self-identified tribes like “leather” or “bear” — with an ad-targeting company without encryption.
In a complaint to the Norwegian data protection agency, the group said Grindr had violated a European data protection law that requires special protections for processing sensitive data including details about health and sex. The group said Grindr had also violated a provision in the law that requires companies to obtain informed consent before using people’s data for new purposes.
In its statement, Grindr said that it worked with software vendors to improve its platform and that, in doing so, it may share details about users’ H.I.V. status or location. The company reminded users that “Grindr is a public forum” and that they should know that data they included in their profiles, including their H.I.V. status, would become public.
“As a result, you should carefully consider what information to include in your profile,” the statement said.
But consumer advocates said Grindr had used intimate personal details for purposes that the app’s users had never signed up for or even knew about.
“It’s totally invisible to the user, which is why they feel betrayed and a loss of control when sensitive data about them is shipped to some third party,” said Justin Brookman, the director of consumer privacy and technology policy at Consumers Union, the advocacy arm of Consumer Reports. “I hope this will get app developers and other companies to rethink their promiscuous data-sharing practices.”