IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

App data sharing sparks Grindr complaint

Norwegian consumer group reveals how apps are sharing user data

Dating apps and similar services are sharing sensitive data without consent despite GDPR, according to a study by a Norwegian consumer group. 

The Norwegian Consumer Council looked at ten popular apps to see how they use personal data, in particular how that information is shared with third parties and whether there's meaningful consent — required under the General Data Protection Regulation (GDPR). 

The findings make for uncomfortable reading. For its report, Out of Control, the NCC turned to security firm Mnemonic to analyse the data sent from ten apps to at least 135 different third parties involved with behavioural profiling and advertising. 

"The actors, who are part of what we call the digital marketing and adtech industry, use this information to track us over time and across devices, in order to create comprehensive profiles about individual consumers," the NCC said in a statement. "In turn, these profiles and groups can be used to personalise and target advertising, but also for other purposes such as discrimination, manipulation, and exploitation." 

The apps tested were Tinder, OkCupid, Grindr, and Happn, as well as Muslim: Qibla Finder, My Talking Tom 2, Perfect365, and Wave Keyboard. 

According to the report, the apps shared the Android Advertising ID — which tracks users across different services — to 70 third parties. However, there was more data shared, including GPS location, IP address, gender and age. 

For example, dating app Grindr shared IP address, GPS location, age and gender, as well as the Advertising ID, with advertising companies such as AppNexus and OpenX via Twitter's adtech arm MoPub, the report said. "Many of these third parties reserve the right to share the data they collect with a very large number of partners," the report added.

The NCC has since filed a data protection complaint against Grindr with local authorities. Grindr told The New York Times that it valued user privacy and protects their information. Last year, Grindr said it would stop sharing the HIV status of its users, following a report such data was being sent to analytics companies. 

The report also showed OkCupid shared personal data including sexuality with analytics company Braze, while period tracker app MyDays shared GPS location with advertising firms, the report noted — it's unclear why a menstruation calendar would need to pinpoint your location from space in the first place. 

"The apps mentioned in the report help us with everything from dating, to monitoring our menstrual cycles," notes Harriet Kingaby, of Consumers International, which is affiliated with NCC. "These services can certainly benefit consumers but there is little to no choice about the level of data sharing involved when they use them and they cannot protect themselves from the unintended consequences of this sharing."

The NCC report follows similar research by Privacy International that also concluded apps are not meeting GDPR requirements by sharing too much personal information without consent. 

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022