A Norwegian consumer group found popular dating apps such as Grindr, Tinder and OKCupid may be selling intimate user data to advertising and marketing firms in direct violation of the European Union’s General Data Privacy Regulation (GDPR).
The report, “Out of Control: How Consumers Are Exploited by the Online Advertising Industry,” found those apps sent user data to at least 135 different advertisers or other third parties whose business involves behavioral profiling — in some or all cases, without giving users a viable way to opt out.
Grindr might be sharing users’ longitude and latitude with dozens of other companies, mainly advertisers. Tinder, meanwhile, allegedly tells third parties about users’ genders and the genders they’re looking to date. And OKCupid might spill the answers to intimate profile questions it asks users — such as questions about drug use and ethnicity — to its purported 300-plus partners.
Both Tinder and OKCupid are owned by Match Group. The terms of service on both apps admit to sharing some user information with service providers and partners, as well as with other Match brands like Match.com, PlentyOfFish, and, potentially, legal authorities. They do not specify what information might be considered shareable, nor under what circumstances.
Grindr lets users know that some of their information — things like sexual preferences and HIV status, which the service got in trouble for sharing in 2018 — will be kept out of third-party hands, while things like “distance information” remains shareable. Its partners include companies like MoPub, Twitter’s ad service, which , shares user data with over 180 of its own partners, which in turn may share that info with their partners… And so on and so forth. So user data is spread out to an ever increasing web of companies.
The council also said it has filed formal complaints with Norway’s data protection authority against Grindr, the Twitter-owned mobile advertising platform MoPub and four ad tech firms.
“None of the apps provided the information necessary for the consumer to make an informed choice when launching the apps. Furthermore, we found a near complete lack of in-app settings to regulate or prevent the sharing of personal data with third parties ... If the consumer does not want their apps to transmit personal data to commercial third parties, the only option is often not to install the apps in the first place,” it states.