Twitter Swiped Left on Grindr’s Vague Privacy Policy

Feb 07, 2020

picture to accompany article about Grindr Twitter ad privacy issue Twitter suspended mobile dating app Grindr from its ad platform after the Norwegian Consumer Council (NCC) accused the app of allegedly passing private user data to advertisers without proper consent, breaking GDPR rules.

Watchdog Investigation Gets Grindr Booted Off Twitter Ad Platform Over Privacy Concerns

The NCC examined 10 apps and found Grindr especially problematic. because of its “vague” privacy policy that “tried to excuse itself from misuse of data by advertising partners.”

The policy in question instructed users to check with third-party promotional partner MoPub to learn how data is used. For its part, MoPub also passes the privacy buck. It advises visitors to check with its third-party partners, of which it lists over 160, about how data is collected, stored, and used.

The NCC report admonished: “By stating that it does ‘not control the use of these tracking technologies,’ and by asking users to read the privacy policies of any third-party companies that may receive personal data, Grindr is attempting to shift accountability for the advertising technologies that it is using away from itself.

A spokesperson for a European privacy non-profit, Noyb, further explained: “Every time you open an app like Grindr, advertisement networks get your GPS location, device identifiers and even [what type of dating apps people are using]. This is an insane violation of users’ EU privacy rights.”

Results of NCC Online Privacy Study

Every app the NCC reviewed had digital privacy problems. Each one shared data with third parties, and 9 out of 10 handed information over to Facebook. The NCC report explained: “Because of the scope of tests, size of the third parties that were observed receiving data and popularity of the apps, we regard the findings from these tests to be representative of widespread practices.

“We urge data protection authorities to enforce the GDPR,” the NCC concluded, “and for advertisers and publishers to look toward alternative digital advertising methods that respect fundamental rights.”

Finn Myrstad, NCC digital policy director, told reporters that people with 40 to 80 apps on their phone could conceivably pass their data to thousands of online actors weekly.

In response to the decision, Grindr responded:

“User privacy and data security is [sic], and always will be, a high priority for Grindr. Examples of this commitment include sharing our revised privacy policy in its entirety to every Grindr user in order to gain their consent and provide even greater transparency about Grindr’s privacy-forward practices.

“In addition, Grindr is currently implementing an enhanced consent management platform with OneTrust to provide users with additional in-app control regarding their personal data. As always, Grindr users have individual control over exactly what information they choose to provide in their profiles. We have also further enhanced our information security policy as part of our ongoing commitment to safeguard our users’ data.

“So while we reject a number of the report’s assumptions and conclusions, we welcome the opportunity to be a small part in a larger conversation about how we can collectively evolve the practices of mobile publishers and continue to provide users with access to an option of a free platform. As the data protection landscape continues to change, our commitment to user privacy remains steadfast.”

Ultimately, on account of the study, regulators filed formal GDPR complaints against both Grindr and MoPub. While the EU’s governing body investigates, Twitter thought it more prudent to cut off Grindr until the issue is resolved.

What is the GDPR, and Do U.S. Companies Need to Follow It?

The General Data Protection Rule is an online privacy law enacted by the European Union. Every commercial website in the world — (ads count as commercialization) — that allows European access and deploys trackers is beholden to the law.

Click here to read more about the General Protection Data Rule.

Connect with a U.S. GDPR Lawyer to Make Sure You’re Compliant

Is your business website compliant with all GDPR guidelines? Even if you’re based in the United States, there’s a high chance the law still applies.

The Gordon Law Group works with clients across the country and around the world. Get in touch today. Discover why our clients rate us 10 out of 10 on respected lawyer review website

Contact Gordon Law Group

Submit your information to schedule a confidential consultation

Recommended Reading: