Study: Dating apps share personal details far, wide
Spreading some of that data may violate privacy laws
Popular dating services like Grindr, OkCupid and Tinder are spreading user information like dating choices and precise location to advertising and marketing companies in ways that may violate privacy laws, according to a new report that examined some of the world’s most downloaded Android apps.
Grindr, the world’s most popular gay dating app, transmitted user-tracking codes and the app’s name to more than a dozen companies, essentially tagging individuals with their sexual orientation, according to the report, which was released Tuesday by the Norwegian Consumer Council, a government-funded nonprofit organization in Oslo.
Grindr also sent a user’s location to multiple companies, which may then share that data with many other businesses, the report said. When The New York Times tested Grindr’s Android app, it shared precise latitude and longitude information with five companies.
The researchers also reported that the OkCupid app sent a user’s ethnicity and answers to personal profile questions — like “Have you used psychedelic drugs?” — to a firm that helps companies tailor marketing messages to users. The Times found that the OkCupid site had recently posted a list of more than 300 advertising and analytics “partners” with which it may share users’ information.
“Any consumer with an average number of apps on their phone — anywhere between 40 and 80 apps — will have their data shared with hundreds or perhaps thousands of actors online,” said Finn Myrstad, the digital policy director for the Norwegian Consumer Council, who oversaw the report.
The report, “Out of Control: How Consumers Are Exploited by the Online Advertising Industry,” adds to a growing body of research exposing a vast ecosystem of companies that freely track hundreds of millions of people and peddle their personal information. This surveillance system enables scores of businesses, whose names are unknown to many consumers, to quietly profile individuals, target them with ads and try to sway their behavior.
The report appears two weeks after California enacted a broad new consumer privacy law. Among other things, the law requires many companies that trade consumers’ personal details for money or other compensation to allow people to easily stop the spread of their information.
In addition, regulators in the European Union are stepping up enforcement of their own data protection law, which prohibits companies from collecting personal information without a person’s explicit consent.
The Norwegian group said it planned to file complaints Tuesday asking regulators in Oslo to investigate Grindr and five ad tech companies for possible violations of the European data protection law. A coalition of consumer groups in the U.S. said it was also sending letters to American regulators, urging them to investigate whether the companies’ practices violated federal and state laws.