Grindr is on the brink of facing legal action as hundreds of users prepare to sue the world’s biggest dating app for the LGBTQIA+ community, claiming that it shared extremely sensitive personal data, including HIV status, with advertising firms.
According to the claim, lodged at the High Court in London today, Monday 22 April 2024, by law firm Austen Hays, there are more than 650 claimants and “thousands” of UK users who were affected.
Chaya Hanoomanjee, Managing Director of Austen Hays, who is leading the claim, stated: “Our clients have experienced significant distress over their highly sensitive and private information being shared without their consent, and many have suffered feelings of fear, embarrassment and anxiety as a result.”
“Grindr owes it to the LGBTQ+ community it serves to compensate those whose data has been compromised,” she added.
Grindr said it will “respond vigorously” to the claim. A spokesperson for the dating app also said that the company takes privacy “extremely seriously,” and added that the claim “appears to be based on a mischaracterisation of practices from more than four years ago.”
Founded in 2009 to facilitate connections among gay men, Grindr has since become a leading platform for LGBTQIA+ individuals worldwide. However, its growth has not been without controversy, particularly concerning its handling of users’ personal data.
The latest lawsuit focuses on Grindr’s alleged sharing of personal information with two third-party advertising companies for commercial purposes, in breach of the UK’s data privacy laws. It says it included information about the ethnicity and sexual orientation of users.
The claim alleges it mainly occurred before 3 April 2018, though the data was shared between 25 May 2018 and 7 April 2020. It names data analytics companies Apptimize and Localytics as third parties which had access to the sensitive data.
However, it also adds that a potentially unlimited number of third parties used the data to customise ads to Grindr’s users.
LGBTQIA+ individuals, who already face societal discrimination and stigma, are particularly vulnerable to privacy breaches that could expose their personal information, including sexual orientation and HIV status, to unauthorised parties.
The lawsuit against Grindr is not an isolated incident. In recent years, there have been numerous data breaches and privacy violations involving popular social media platforms and dating apps. These incidents have prompted calls for stronger regulations and safeguards to protect users’ personal information from exploitation and misuse.
Back in 2018, when Grindr first admitted to sharing users’ HIV status, Antoine Pultier, a researcher at the Norwegian nonprofit organisation SINTEF, highlighted that because the HIV information was sent alongside users’ GPS data, phone ID, and email, it would identify specific users.
Grindr’s response to the allegations has been met with scepticism, as the company contends that its data-sharing practices were in line with industry standards. However, critics argue that such practices undermine users’ trust and raise serious ethical concerns.
Moreover, this wouldn’t be the first time that Grindr has either purposefully or inadvertently been at the centre of a conversation regarding the safety of LGBTQIA+ individuals. Previously, the dating app made headlines after TikTok content creators began using the ‘Explore’ and ‘Passport’ features to identify and ‘out’ queer athletes staying in the Olympic Village in Tokyo in 2021.
Interestingly, the 2024 lawsuit against Grindr comes at a time when governments around the world are grappling with the challenges of regulating the digital economy and safeguarding users’ privacy rights.
In Europe, General Data Protection Regulation (GDPR) has set a precedent for data protection laws, imposing strict requirements on companies that collect and process personal data. However, enforcement of these regulations remains a challenge, as evidenced by Grindr’s alleged violations of British data protection laws.
The outcome of the lawsuit against Grindr could have far-reaching implications for the tech industry and the broader debate surrounding digital privacy. If successful, this legal action could set a precedent for holding tech companies accountable for their data practices and compel them to adopt more stringent measures to protect users’ personal information.