Metro Weekly

Grindr accused of sharing users’ sensitive data to multiple companies

New research claims Grindr outs users as LGBTQ to more than a dozen companies

grindr, gay, dating, data
Photo: Grindr

A new study has accused dating app Grindr of sharing sensitive user data to more than a dozen companies.

The Norwegian Consumer Council published the findings of a study into ten apps, including dating apps Grindr, OKCupid, and Tinder, claiming they are sharing location data, sexuality, and other information to “a large number of shadowy entities.”

The other apps include ovulation tracker MyDays, game My Talking Tom 2, and social app Happn.

NCC identified more than a dozen companies that are receiving data from Grindr — data that includes user tracking information and the name of the app, outing users as LGBTQ.

Grindr also shares location data with multiple companies, which can in turn continue to share that data with their own partners, the New York Times reports.

According to the Times, testing the Android version of Grindr’s app resulted in specific location data being shared with five companies.

Furthermore, the “vagueness” of Grindr’s legal basis for processing personal data in its privacy policy “makes it impossible for the user to know what they are consenting to” when signing up for the app.

Grindr lists just one advertising platform in its privacy policy — Twitter’s MoPub platform — which connects to more than 160 partners.

One such partner is AT&T, whose adtech company AppNexus shares data with more than 1,000 other companies.

NCC does note that Grindr prevents advertisers from accessing health data, such as HIV status, or a user’s “tribe” (whether they are a bear, twink, otter, etc.) — changes that were likely included after Grindr admitted in 2018 that it was sharing users’ HIV status with two outside companies.

Grindr said at the time that both firms were under “strict contractual terms” to provide “the highest level of confidentiality.” But the data being shared was so detailed — including GPS data, phone ID, and email — that it could be used to identify specific users and their HIV status.

Related: Grindr admits to sharing users’ HIV status with other companies

Previous research has also shown that Grindr exposes users’ exact location, with researchers claiming last year that the company has known about the flaw for years, but refuses to fix it.

And in 2017, a D.C.-based developer created a website that allowed users to see who had previously blocked them on the app — information that is normally inaccessible.

In a statement to the Times, Grindr said it had not received the report, and refused to comment on the specifics.

Twitter, meanwhile, said in a statement that it is “currently investigating this issue to understand the sufficiency of Grindr’s consent mechanism. In the meantime, we have disabled Grindr’s MoPub account.”

In addition to Grindr, OKCupid and Tinder were also found to be sharing user data with multiple companies.

Similar privacy policies in both apps, which are owned by Match Group, allow data to be shared with Match.com and the 45 other dating-related businesses owned by the company, as well as third parties for advertising and analytical purposes.

OKCupid was found to be sharing data on drug use, ethnicity, and users’ political views, while Tinder was found to be sharing users’ gender information, as well as the gender of those they were seeking to match with.

NCC also determined through its research that Grindr, OKCupid, Tinder, AppNexus, and three other companies are in breach of the European Union’s GDPR law on data protection and privacy.

The NCC, alongside privacy group Noyb, has filed GDPR complaints against each company.

NCC said in its report that the surveillance systems at the heart of online advertising are “completely out of control, harming consumers, societies, and businesses.”

“The collection of data across services and devices allows many of these companies to construct intricate profiles about individual consumers, which can be used to target, discriminate and manipulate people,” NCC said. “All of this depends on a complex industry of actors that operate outside of the public consciousness, and happens on a questionable legal basis.”

It added: “It is overdue that change is enacted, and that the currently prevalent practices are curbed.”

Related:

Gay Michigan hairstylist killed and mutilated after meeting up with Grindr contact

Man rejected on Grindr threatens to ‘wipe out’ gay community in Tampa

The U.S. government believes Grindr is a national security risk. Yes, really.

Read more:

Arizona Republican backtracks after criticism for banning LGBTQ topics from sex ed classes

Chinese retail giant Alibaba praised for gay-themed ad

Federal appeals court blocks Trump administration from discharging HIV-positive Air Force members

Support Metro Weekly’s Journalism

These are challenging times for news organizations. And yet it’s crucial we stay active and provide vital resources and information to both our local readers and the world. So won’t you please take a moment and consider supporting Metro Weekly with a membership? For as little as $5 a month, you can help ensure Metro Weekly magazine and MetroWeekly.com remain free, viable resources as we provide the best, most diverse, culturally-resonant LGBTQ coverage in both the D.C. region and around the world. Memberships come with exclusive perks and discounts, your own personal digital delivery of each week’s magazine (and an archive), access to our Member's Lounge when it launches this fall, and exclusive members-only items like Metro Weekly Membership Mugs and Tote Bags! Check out all our membership levels here and please join us today!