The LGBT+ dating app Grindr has been forced to defend itself, after it was revealed the company had been providing users’ data, including their HIV statuses, to other companies.
Buzzfeed reported that two companies – Appitimize and Localytics – received a variety of information that the apps’ users choose to include in their profiles, which includes their HIV status and their “last tested date.”
They were also given access to their GPS location, gender, age, phone IDs, relationship status, and physical type, which would make each user uniquely identifiable.
‘Unfairly Singled Out’
Image Credit: JE SHOOTS / Pixabay
The companies that received the data were hired to optimise the performance of their app. They monitored how users interact with its software to try to work out how to improve it.
Grindr, which has around 3.6 million users, has said that the data was shared in line with standard industry practices, and believes that it has been “unfairly singled out.”
We consider privacy as a human right ahead of commercial gains.
Localytics
Speaking to the US news site Axios, Grindr’s Security Chief, Bryce Case, stated that sharing information with third-party companies, in order to improve the app, was commonplace. The company also promised to stop sharing users’ HIV status.
‘Privacy is a Human Right Ahead of Commercial Gains’
Image Credit: Min An / Pexels
Grindr has denied sharing the HIV status of its users, writing on Twitter that, “Grindr has never, nor will we ever, sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.”
Localytics have also released a statement, affirming that they do not sell private data, and “consider privacy as a human right ahead of commercial gains.” Appitimize has yet to comment on the matter at the time of publication.
Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.
— Grindr (@Grindr) April 2, 2018
The UK’s Information Commissioner’s Office (ICO), which regulates data controllers through the Data Protection Act, has said that it would investigate, whilst the Norwegian Consumer Council has filed a complaint against Grindr for breaching data protection law. The French HIV-advocacy organisation AIDES have also called for a boycott of Grindr.
Grindr users are given the option when creating their profile to share their HIV status, along with their most recent test data. The company states that this option is backed by LGBT+ groups and international health organisations.
The information is made available to potential suitors in the app, and can be used to power other features, such as reminders to get tested, and where to go on nights out.
However, Antoine Puliter of the Foundation for Scientific and Industrial Research (SINTEF), a Norwegian independent research organisation and campaign group, has said that the sharing of other unencrypted data amounts to a potential intrusion of privacy.
“The HIV status is linked to all the other information. That’s the main issue,” Pultier told BuzzFeed News, who first broke the story.
“I think this is the incompetence of some developers that just send everything, including HIV status.”
A ‘Unique’ Place to Be Open About HIV
Image Credit: Victor Freitas / Pexels
“Grindr is a relatively unique place for openness about HIV status,” James Krellenstein, a founding member of the AIDS advocacy group ACT UP New York, told BuzzFeed.
“To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”
The past few weeks have seen a deluge of scandals concerning personal data and its use by social media companies, most notably the role of Cambridge Analytica. It’s something that has big implications for our human rights –privacy is a big consideration in human rights law.
We all have a right to a private and family life, protected by the Human Rights Act, and in practice this also covers our correspondence and data. However, some argue this actually goes further, given the nature of the information being shared. While users may consent to sharing their status – an exceptionally sensitive and highly personal piece of information – they did not consent to share it with other companies.
As Matt Stokes pointed out in the New Statesman, Grindr’s breach of trust may deter people living with HIV from being open about their status, for fear of it being exploited. This, in turn, may stall opportunities for honest conversations about what it means to live with HIV in 2018, once again proving how vital data protection is for us all.