Norway: Grindr hit with privacy complaint in Europe over sharing user data

he Norwegian Consumer Council has filed a privacy complaintabout Grindr,  arguing it’s in breach of national and European data protection laws after it emerged the dating app has been sharing personal information about its users with third parties.

As we reported earlier, Norwegian research outfit SINTEF analyzed the app’s traffic and found that — if set — a user’s HIV status is included in packets sent to two app optimization firms, Apptimize and Localytics. This data was sent via an encrypted transmission. But users were not informed their HIV status was being shared. 

Grindr has claimed HIV status data is being shared only for testing and platform optimization purposes — and that the third parties in question are “under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy” .

As well as HIV statuses, SINTEF found Grindr transmits a raft of other personal data points to third party ad firms — this time via unencrypted transmissions — namely: precise GPS position, gender, age, “tribe” (aka group-affiliation, e.g. trans, bear), intention (e.g. friends, relationship), ethnicity, relationship status, language and device characteristics.

The Council is objecting to both the sharing of highly sensitive HIV statuses and other personal information with third parties without Grindr gaining explicit user consent for the data to be handed off to others.

“Information about sexual orientation and health status is regarded as sensitive personal data according to European law, and has to be treated with great care. In our opinion, Grindr fails to do so,” said Finn Myrstad, director of digital services at the Council in a statement on its action. Read more via TechCrunch