Grindr named in UK lawsuit over sharing HIV data


Grindr may have unlawfully shared information about its users, including their HIV status, with third-party advertisers, the lawsuit has claimed.

The claim lodged in the high court in London on Monday (April 22nd) alleges that the world’s leading gay dating app shared highly sensitive user information with third party advertisers in a breach of British data protection laws.

Users’ HIV status and latest tested date, as well as information about their ethnicity, sex life, and sexual orientation, may have been sold for commercial purposes without their consent, according to the class action lawsuit.

So far, 670 people have joined the claim, but “thousands” more could sign up, according to Austen Hay, a law firm that brought the case to the court. The firm said claimants could receive thousands of pounds in damages “given the severity of the breach.”

Grindr said it intends to respond "vigorously" to the claim, which it argues was based on a mischaracterization of practices from more than four years ago.

"We are committed to protecting our users' data and complying with all applicable data privacy regulations, including in the UK. We are proud of our global privacy program and take privacy extremely seriously," Grindr spokesperson said in a statement shared with Cybernews.

The alleged data breaches mainly took place before April 3, 2018, and between 25 May 2019 and 7 April 2020. In April 2018, Grindr said it would stop sharing HIV data with third parties after a Norwegian non-profit exposed the practise.

Grindr changed how it obtained consent in April 2020.

The claim filed in the English court says that Grindr unlawfully processed and shared users’ data with third parties, including two advertising companies, which was then potentially passed on to fourth parties.

It also says that these other parties may have retained some of the shared data for their own purposes, while Grind received payment or commercial benefits in exchange for shared data.

“Our clients have experienced significant distress over their highly sensitive and private information being shared without their consent, and many have suffered feelings of fear, embarrassment and anxiety as a result,” said Austen Hays managing director Chaya Hanoomanjee, who leads the claim.

“Grindr owes it to the LGBTQ+ community it serves to compensate those whose data has been compromised and have suffered distress as a result, and to ensure all its users are safe while using the app, wherever they are, without fear that their data might be shared with third parties,” Hanoomanjee said.

Record fine in Norway

The Los Angeles-based company was previously imposed a record 65 million Norwegian krone, or $6 million, fine by the Norwegian Data Protection Authority in 2021 for violating the EU’s privacy laws.

While Norway is not a member of the EU, it is bound by the bloc’s General Data Protection Regulation (GDPR) as part of the European Economic Area. Grindr appealed the decision, but the Norwegian Privacy Appeals Board upheld the ruling last year.

Similarly to the lawsuit in the UK, the Norwegian data protection authorities argued thousands of Grindr users in Norway had their personal data unlawfully disclosed to other companies “in order to serve Grindr’s commercial interests.”

However, the Norwegian authorities did not focus on the users’ HIV status, but rather said that the mere disclosure that an individual is a Grindr user was a violation of GDPR. They said information about someone’s sexual information was granted “particular protection” under EU’s law.

While Grindr could not further appeal that decision, it sued the Norwegian authorities over their interpretation of GDPR. The company told the Norwegian broadcaster NRK that its data sharing practices were in line with the industry standards of the time and were no longer in use.

It also said it feared the implications of the Norwegian decision on its operations in the rest of Europe and would also seek for the record fine – which accounts to almost 10% of the company’s global revenues – to be removed or reduced.

According to the information provided to the Apple’s App Store, Grindr may collect data about its users for reasons including app functionality, analytics, and advertising.

It is one of the few dating apps disclosing that it may collect health-related data, but users can opt-out from including self-reported health statuses within the app, and nothing is collected from the user’s device, the company said.

Launched 15 years ago, Grindr markets itself as the “best and easiest” place for gay, bisexual, and transgender individuals and those exploring their sexuality to meet new people for friendships, hookups, dates, and more.