More than 650 claimants in the United Kingdom are suing Grindr, alleging the world's most popular LGBTQ dating app broke national privacy laws by sharing users' most sensitive health information — including their HIV status — with third-party data brokers for advertising purposes. The app used "covert tracking technology" to do so, according to the claim lodged in London's High Court on Monday. Grindr previously admitted to sharing users' HIV status in 2018, and even defended the practice despite widespread outcry.
As reported by the BBC, the company is accused of illegally sharing users' HIV status, sexual orientation, race and ethnicity with data analytics companies Apptimize and Localytics — who, claimants say, may have also kept some of the data for other purposes. Despite marketing itself as a privacy-sensitive dating app for marginalized communities, claimants allege Grindr paid the two data brokers to surveil people's usage of the app. The company is accused of sharing user data on several occasions, mainly before April 2018, but also between May 2018 and April 2020.
“Grindr owes it to the LGBTQ+ community it serves to compensate those whose data has been compromised," said Chaya Hanoomanjee, the case's lead lawyer, adding that the claimants "experienced significant distress over their highly sensitive and private information being shared without their consent."
The Austen Hays law firm aims to secure more than £100,000 ($123,599) for the claimants. Grindr's previously paid out £5.5 million ($6,797,945) in fines in 2021 after Norwegian authorities found the company breaking EU general data protection regulation rules in a similar data-sharing deal. In 2022, however, Grindr was again caught out by UK data privacy watchdogs who ruled the company failed to "provide effective and transparent privacy information to its UK data subjects in relation to the processing of their personal data." A spokesperson for Grindr told the BBC the company will "respond vigorously" to the claim, which it says "appears to be based on a mischaracterization of practices from more than four years ago," — and that the company takes user privacy "extremely seriously."
Shares