UK Lawsuit Claims Grindr Shared HIV Status

Gay dating app Grindr has been sued in the UK for allegedly sharing users’ sensitive personal data, including HIV status, with third parties.

The lawsuit by firm Austen Hays at the High Court in London claims “covert tracking technology” was deployed by Grindr and highly sensitive information was shared with advertisers.

The firm said about 670 people have signed up to the mass lawsuit and that potentially thousands more could join the case.

The breaches allegedly took place mainly before 3 April 2018, but also between 25 May 2018 and 7 April 2020.

‘Mischaracterisation’

Grindr said it would “respond vigorously” to the lawsuit, which it said “appears to be based on a mischaracterisation of practices from more than four years ago”.

The firm hopes to claim more than £100,000 in damages, according to its filing with the High Court.

Austen Hays attorney Chaya Hannoomanjee, who is leading the case, said claimants “experienced significant distress over their highly sensitive and private information being shared without their consent”.

“Grindr owes it to the LGBTQ+ community it serves to compensate those whose data has been compromised,” Hannoomanjee said.

Image credit: Grindr

Commercial purposes

The claim says Grindr shared sensitive data with third parties for commercial purposes, in violation of UK data protection laws.

The data included users’ ethicity and sexual orientation, the lawsuit claims.

It names data analytics firms Apptimize and Localytics as third parties which had access to the data.

But a potentially unlimited number of third parties used the data to customise advertisements for Grindr users, with some possibly retaining some of the shared data for their own purposes, the lawsuit claims.

Controversy

In April 2018 Norwegian non-profit group Sintef reported that Grindr had been sharing sensitive data including HIV status with Apptimize and Localytics, who were tasked with helping Grindr improve its platform.

Grindr admitted the practice, but said it was industry standard and that it differed from the sale of personal information to third parties or advertisers, which it said it had never done and would never do.

But in December 2021 the Norwegian data protection authority fined Grindr approximately 6.5 million euros (£5.6m) for sharing users personal information with third parties for creating tailored advertisements, including GPS location, IP address, advertising ID, age and gender.

The firm’s practices violated the EU’s General Data Protection Regulation (GDPR),the Norway DPC said.

‘Valid legal consent’

Grindr said at the time that it obtained “valid legal consent from all” European users.

The firm was reprimanded by the UK Information Commissioner’s Office (ICO) in 2022 over its data protection practices.

The ICO said the firm had failed to “provide effective and transparent privacy information to its UK data subjects in relation to the processing of their personal data”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK AI Safety Institute To Open Office In US

Seeking collaboration on AI regulation, UK's AI Safety Institute to cross Atlantic and will open…

23 mins ago

Silicon In Focus Podcast: Does Security Block Innovation?

Explore the dynamic intersection of technology and security with Silicon In Focus Podcast: Does Security…

45 mins ago

EU Widens Investigations Into Chinese Imports, Subsidies

After the United States imposes 100 percent tariffs on certain Chinese goods, Europe widens its…

3 days ago

Reddit Deal With OpenAI Gives ChatGPT Access To Content

OpenAI strikes deal with Reddit to train its AI tech on user posts and give…

3 days ago

Microsoft Invests 4 Billion Euros In France For AI, Cloud

Global spending spree from Microsoft continues, with huge investment for new data centre to drive…

3 days ago

Toshiba Axes 4,000 Staff In Post-Delisting Restructuring Operation

Workforce blow. Newly privatised Toshiba has embarked on a 'revitalisation plan' that will entail the…

4 days ago