Gay dating app Grindr is coming under greater scrutiny after admitting to sharing users’ HIV status with two outside companies for testing purposes.
Grindr confirmed the data sharing arrangement, which was first reported by BuzzFeed News, in which it paid firms Localytics and Apptimize to test and monitor how the app is being used. Among the information that the firms received was users’ HIV status and their “last tested date,” for those who are HIV-negative or on pre-exposure prophylaxis.
Grindr says the firms are under “strict contractual terms that provide for the highest level of confidentiality, data security and use privacy. The company also insists that data including location or information from HIV status fields are “always transmitted securely with encryption.”
But because the HIV information is sent together with users’ GPS data, phone ID, and email, it could be used to identify specific users and their HIV status, says Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the problem.
“The HIV status is linked to all the other information. That’s the main issue,” Pultier told BuzzFeed. “I think this is the incompetence of some developers that just send everything, including HIV status.”
Grindr, which was founded in 2009, has more than 3.6 million daily active users across the world. Recently, the company has tried to market itself as a source for cultural content by launching an online magazine, and as socially responsible by offering free ads for HIV-testing sites. Last week, launched an optional feature allowing users to receive reminders about getting tested for HIV every 3 to 6 months.
Already, the dating app is facing a data privacy complaint in Europe, as the Norwegian Consumer Concil claims it has violated both European and Norwegian data privacy laws, reports CBS News.
“Information about sexual orientation and health status is regarded as sensitive personal data according to European law, and has to be treated with great care. In our opinion, Grindr fails to do so,” Finn Myrstad, director of digital services in the Norwegian Consumer Council, said in a statement.
Grindr has since defended the information sharing, arguing that sharing some data is “standard industry practice for rolling out and debugging software.” That said, the company insists it is not sharing users’ HIV status with third-party companies.
“Any information we provide to our software vendors including HIV status information is encrypted and at no point did we sharing sensitive information like HIV status with advertisers,” Grindr security chief Bryce Case said in a statement.
Nonetheless, AIDS Healthcare Foundation criticized the app for sharing sensitive information that could have potentially been made vulnerable through the third-party vendors.
“Grindr’s action with its clients’ data appear to be unprecedented and is a serious violation of laws protecting the confidentiality of clients’ personal information, particularly sensitive health information that may result in stigma and discrimination targeting those individuals,” Michael Weinstein, the president of AIDS Healthcare Foundation, said in a statement. “We demand that Grindr immediately cease and desist this reckless practice and do whatever it can to retrieve, shut down or halt the further sharing of this personal and confidential information.
“It is extremely unfortunate that those men who have been courageous enough to share their HIV status, be it positive or negative, on their Grindr profiles, may have now had that most personal data indiscriminately shared by Grindr,” added Weinstein. “We laud those Grindr members for their courage and challenge Grindr to quickly get its act together to restore the confidentiality all members deserve and should expect with their data from Grindr.”
This is a developing story.