Tinder, Grindr sell personal data in possible violation of privacy laws, study says

Brief:

Dating apps Tinder, Grindr and OkCupid are among the mobile apps that sell personal information about their users in possible violation of privacy laws, the Consumer Council of Norway on Tuesday alleged in a report. The government-funded consumer protection group commissioned cybersecurity company Mnemonic to analyze how 10 popular apps share data with third parties involved in advertising or behavioral profiling.
In addition to looking at Tinder, Grindr and OkCupid, the report studied dating app Happn, period tracker apps Clue and MyDays, makeup app Perfect365, children's app My Talking Tom2, Qibla Finder and Wave Keyboard. The study found that the apps shared data with at least 135 different third parties. Some of the information included precise locations of mobile users.
The Norwegian group also filed complaints with regulators in Oslo, asking them to look into Grindr and five ad tech companies to determine whether they violated Europe's data privacy law, the GDPR. In the U.S., consumer groups sent requests to regulators such as California's attorney general to investigate the companies, The New York Times reported.

Insight:

The Consumer Council of Norway's report, titled "Out of Control: How consumers are exploited by the online advertising industry," may shock some readers, although the data-sharing practices of app developers are well known among mobile marketers. The key question is whether the report will compel regulators in Europe and the U.S. to crack down on data-sharing practices that may violate consumer privacy laws.

Many people may not be aware of how much their personal data is shared with third parties, even if the information is anonymized and aggregated to hide their real names. The practice of inferring certain kinds of behavior, including dating habits or illegal drug use, about individual consumers may be found to violate data privacy laws. Location data is especially sensitive, considering it can be matched with a person's home and work address, as the Times reported last month as part of its ongoing "Privacy Project" investigations.

There have already been some repercussions to Consumer Council of Norway's findings outside of the regulatory sphere. Twitter on Tuesday said it had suspended Grindr from its advertising network and would launch an investigation into the app's data-sharing practices, Ad Age reported. The council's report actively calls for fines against those it views in violation of data privacy guidelines, including Twitter, per Ad Age.

Mobile marketers need to ensure that they have systems in place to maintain the trust of their customers and to avoid possible violations of a growing number of data privacy laws. That's especially true as consumer protection groups like the Consumer Council of Norway advocate for investigations into the data-sharing practices of mobile apps.

It's not clear how all the apps named in the report will respond to the allegations. Match Group, which owns OkCupid and Tinder, said in a statement cited by the Times that it complied with privacy laws and had contracts in place with data vendors to protect the personal data of users.