(Bloomberg) — Want the lowdown on European markets? In your inbox before the open, every day. Sign up here.
Grindr is sharing detailed personal data with thousands of advertising partners, allowing them to receive information about users’ location, age, gender and sexual orientation, a Norwegian consumer group said.
The service — described as the world’s largest social networking app for gay, bi, trans, and queer people — gave user data to third parties involved in advertising and profiling, according to a report by the Norwegian Consumer Council that was released Tuesday. Twitter Inc. ad subsidiary MoPub was used as a mediator for the data sharing and passed personal data to third parties, the report said.
“Every time you open an app like Grindr, advertisement networks get your GPS location, device identifiers and even the fact that you use a gay dating app,” said Austrian privacy activist Max Schrems. “This is an insane violation of users’ EU privacy rights.”
The consumer group and Schrems’s privacy organization have filed three complaints against Grindr and five adtech companies to the Norwegian Data Protection Authority for breaching European data protection regulations. Schrems’s group Noyb will file similar complaints with the Austrian DPA in the coming weeks, according to the statement.
Match Group Inc.’s popular dating apps OkCupid and Tinder LLC share data with each other and other brands owned by the company, the research found. OkCupid gave information pertaining to customers’ sexuality, drug use and political views, to the analytics company Braze Inc., the organization said.
Representatives for Grindr, Match Group and Braze didn’t immediately respond to requests for comment.
Twitter is investigating the issue to “understand the sufficiency of Grindr’s consent mechanism” and has disabled the company’s MoPub account, a representative said.
European consumer group BEUC urged national regulators to “immediately” investigate online advertising companies over possible violations of the bloc’s data protection rules, following the Norwegian report. It’s also written to European Commission executive vice-president Margrethe Vestager to take action.
“The report provides compelling evidence about how these so-called ad-tech companies collect vast amounts of personal data from people using mobile devices, which advertising companies and marketeers then use to target consumers,” BEUC said in an emailed statement. This happens “without a valid legal base and without consumers knowing it.”
The European Union’s data protection law, GDPR, came into force in 2018 setting rules for what websites can do with user data. It mandates that companies must get unambiguous consent to collect information from visitors. The most serious violations can lead to fines of as much as 4% of a company’s global annual sales.
Where Tech Giants Are Getting Slapped Over Privacy: QuickTake
It’s part of a broader push across Europe to crack down on companies that fail to protect customer data. In January last year, Alphabet Inc.’s Google received a fine of 50 million euros ($56 million) from France’s privacy regulator following a complaint by Schrems over the company’s privacy policies. Prior to GDPR, the French watchdog levied maximum fines of 150,000 euros.
The U.K. threatened Marriott International Inc. with a 99 million-pound ($128 million) fine in July following a hack of its reservation database, just days after the U.K.’s Information Commissioner’s Office proposed handing a 183.4 million-pound penalty to British Airways in the wake of a data breach.
Schrems has for years taken on large tech companies’ use of personal information, including filing lawsuits challenging the legal mechanisms Facebook Inc. and thousands of other companies use to move that data across borders.
He’s become even more active since GDPR kicked in, filing privacy complaints against companies including Amazon.com Inc. and Netflix Inc., accusing them of breaching the bloc’s strict data protection rules. The complaints are also a test for national data protection authorities, who are obliged to examine them.
(Updates with Twitter’s involvement, BEUC reaction starting in second paragraph.)
–With assistance from Stephanie Bodoni.
To contact the reporters on this story: Sarah Syed in London at [email protected];Natalia Drozdiak in Brussels at [email protected];Nate Lanxon in London at [email protected]
To contact the editors responsible for this story: Giles Turner at [email protected], Amy Thomson
<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="For more articles like this, please visit us at bloomberg.com” data-reactid=”38″>For more articles like this, please visit us at bloomberg.com
©2020 Bloomberg L.P.
Add Comment