Jan 14, 2020

Grindr Shares Location, Sexual Orientation Data, Study Shows

Sarah Syed, Nate Lanxon and Natalia Drozdiak, Bloomberg News

LONDON, ENGLAND - NOVEMBER 24: The "Grindr" app logo is seen amongst other dating apps on a mobile phone screen on November 24, 2016 in London, England. Following a number of deaths linked to the use of anonymous online dating apps, the police have warned users to be aware of the risks involved, following the growth in the scale of violence and sexual assaults linked to their use. (Photo by Leon Neal/Getty Images) , Photographer: Leon Neal/Getty Images Europe

(Bloomberg) -- Want the lowdown on European markets? In your inbox before the open, every day. Sign up here.

Grindr is sharing detailed personal data with thousands of advertising partners, allowing them to receive information about users’ location and sexual orientation, a Norwegian consumer group said.

The service -- described as the world’s largest social networking app for gay, bi, trans, and queer people -- gave user data to third parties involved in advertising and profiling, according to a report by the Norwegian Consumer Council that was released Tuesday.

“Every time you open an app like Grindr, advertisement networks get your GPS location, device identifiers and even the fact that you use a gay dating app,” said Austrian privacy activist Max Schrems. “This is an insane violation of users’ EU privacy rights.”

The consumer group and Schrems’s privacy organization have filed three complaints against Grindr and five adtech companies to the Norwegian Data Protection Authority for breaching European data protection regulations. Schrems’s group Noyb will file similar complaints with the Austrian DPA in the coming weeks, according to the statement.

Match Group Inc.’s popular dating apps OkCupid and Tinder LLC share data with each other and other brands owned by the company, the research found. OkCupid gave information pertaining to customers’ sexuality, drug use and political views, to the analytics company Braze Inc., the organization said.

Representatives for Grindr, Match Group and Braze didn’t immediately respond to requests for comment.

Europe’s data protection law, GDPR, came into force in 2018 setting rules for what websites can do with user data. It mandates that companies get unambiguous consent to collect information from visitors. The most serious violations can lead to fines of as much as 4% of a company’s global annual sales.

Where Tech Giants Are Getting Slapped Over Privacy: QuickTake

It’s part of a broader push across Europe to crack down on companies that fail to protect customer data. In January last year, Alphabet Inc.’s Google received a fine of 50 million euros ($56 million) from France’s privacy regulator following a complaint by Schrems over the company’s privacy policies. Prior to GDPR, fines couldn’t exceed the maximum of 150,000 euros.

The U.K. threatened Marriott International Inc. with a 99 million-pound ($128 million) fine in July following a hack of its reservation database, just days after the U.K.’s Information Commissioner’s Office proposed handing a 183.4 million-pound penalty to British Airways in the wake of a data breach.

Schrems has for years taken on large tech companies’ use of personal information, including filing lawsuits challenging the legal mechanisms Facebook Inc. and thousands of other companies use to move that data across borders.

He’s become even more active since GDPR kicked in, filing privacy complaints against companies including Amazon.com Inc. and Netflix Inc., accusing them of breaching the bloc’s strict data protection rules. The complaints are also a test for national data protection authorities, who are obliged to examine them.

To contact the reporters on this story: Sarah Syed in London at ssyed35@bloomberg.net;Nate Lanxon in London at nlanxon@bloomberg.net;Natalia Drozdiak in Brussels at ndrozdiak1@bloomberg.net

To contact the editors responsible for this story: Giles Turner at gturner35@bloomberg.net, Amy Thomson