A new study has accused dating app Grindr of sharing sensitive user data to more than a dozen companies.
The Norwegian Consumer Council published the findings of a study into ten apps, including dating apps Grindr, OKCupid, and Tinder, claiming they are sharing location data, sexuality, and other information to “a large number of shadowy entities.”
The other apps include ovulation tracker MyDays, game My Talking Tom 2, and social app Happn.
NCC identified more than a dozen companies that are receiving data from Grindr — data that includes user tracking information and the name of the app, outing users as LGBTQ.
Grindr also shares location data with multiple companies, which can in turn continue to share that data with their own partners, the New York Times reports.
According to the Times, testing the Android version of Grindr’s app resulted in specific location data being shared with five companies.
One such partner is AT&T, whose adtech company AppNexus shares data with more than 1,000 other companies.
NCC does note that Grindr prevents advertisers from accessing health data, such as HIV status, or a user’s “tribe” (whether they are a bear, twink, otter, etc.) — changes that were likely included after Grindr admitted in 2018 that it was sharing users’ HIV status with two outside companies.
Grindr said at the time that both firms were under “strict contractual terms” to provide “the highest level of confidentiality.” But the data being shared was so detailed — including GPS data, phone ID, and email — that it could be used to identify specific users and their HIV status.
Related: Grindr admits to sharing users’ HIV status with other companies
Previous research has also shown that Grindr exposes users’ exact location, with researchers claiming last year that the company has known about the flaw for years, but refuses to fix it.
And in 2017, a D.C.-based developer created a website that allowed users to see who had previously blocked them on the app — information that is normally inaccessible.
In a statement to the Times, Grindr said it had not received the report, and refused to comment on the specifics.
Twitter, meanwhile, said in a statement that it is “currently investigating this issue to understand the sufficiency of Grindr’s consent mechanism. In the meantime, we have disabled Grindr’s MoPub account.”
In addition to Grindr, OKCupid and Tinder were also found to be sharing user data with multiple companies.
Similar privacy policies in both apps, which are owned by Match Group, allow data to be shared with Match.com and the 45 other dating-related businesses owned by the company, as well as third parties for advertising and analytical purposes.
OKCupid was found to be sharing data on drug use, ethnicity, and users’ political views, while Tinder was found to be sharing users’ gender information, as well as the gender of those they were seeking to match with.
NCC also determined through its research that Grindr, OKCupid, Tinder, AppNexus, and three other companies are in breach of the European Union’s GDPR law on data protection and privacy.
The NCC, alongside privacy group Noyb, has filed GDPR complaints against each company.
NCC said in its report that the surveillance systems at the heart of online advertising are “completely out of control, harming consumers, societies, and businesses.”
“The collection of data across services and devices allows many of these companies to construct intricate profiles about individual consumers, which can be used to target, discriminate and manipulate people,” NCC said. “All of this depends on a complex industry of actors that operate outside of the public consciousness, and happens on a questionable legal basis.”
It added: “It is overdue that change is enacted, and that the currently prevalent practices are curbed.”
Gay Michigan hairstylist killed and mutilated after meeting up with Grindr contact
Man rejected on Grindr threatens to ‘wipe out’ gay community in Tampa
The U.S. government believes Grindr is a national security risk. Yes, really.
Arizona Republican backtracks after criticism for banning LGBTQ topics from sex ed classes
Chinese retail giant Alibaba praised for gay-themed ad
Federal appeals court blocks Trump administration from discharging HIV-positive Air Force members