Grindr, the popular dating and hook-up app targeted to gay men, is facing tough questions from United States senators after European researchers revealed that it was sharing user data with third parties.
“Grindr collects highly personal data about its users,” wrote Senators Edward Markey (D-Massachusetts) and Richard Blumenthal (D-Connecticut) in a letter addressed to Grindr’s interim CEO Zhou Yahui.
The senators are asking Yahui, who is based in Hong Kong, to answer over a dozen detailed questions about how the app collects data and what it is used for. The senators are demanding a response by April 17.
“Simply using an app should not give companies a license to carelessly use, handle or share this type of sensitive information,” they add.
Users asked sensitive questions
Grindr surged in popularity with the premise of searching for potential hook-ups in an anonymous and safe environment. The app was initially tailored only to men seeking other men and allowed users to set up profiles without confirming their identify.
However, a rise in spam profiles caused the company to ditch anonymous profiles in 2013. In 2017, Grindr announced that it was opening the app to women, transgender people, and bisexual men.
Despite the changes over the years, Grindr has soared in popularity and now has a registered 3.6 million users.
When new users create their Grindr profiles, they are asked a series of sensitive questions, including their sexual preference and HIV status. Users then have the option of displaying their HIV status on their profile for others to see.
But consumers likely assumed that the information would stay contained in the app -- not be shared with third parties.
Users' HIV statuses shared
Data researchers in Norway, where data collection laws are much stricter than they are here, discovered the company’s practices via a technical analysis published on Saturday. According to their findings, users’ HIV statuses are shared with two outside analytics firms and their sexual preferences are shared with several third-party companies that do not encrypt the data.
The Consumer Council, an advocacy group in Norway, looked over the results and announced plans shortly after to file a complaint to the country’s regulators. The group charges that Grindr’s practices are in violation of Europe’s laws designed to protect user data.
The findings gained attention in the United States when BuzzFeed published a report independently verifying the data-sharing on Monday.
ACT UP New York member James Krellenstein told BuzzFeed news that Grindr is unique for encouraging users to be transparent with each other about their HIV status.
“To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community,” he told the publication.
In a statement on their United States website, Grindr had a somewhat defensive response while also acknowledging that it had room to improve.
He claimed that the company has never sold personal data and added that it they are “always looking for additional measures that go above and beyond industry best practices to help maintain our users’ right to privacy.”
But Grindr did not indicate in its statement whether it would agree to answer the Senators’ more detailed questions about its data collection practices.
The company later backtracked somewhat, telling the publication Axios that it would stop sharing users’ HIV status with the outside vendors.