Hundreds have joined a UK class action lawsuit against LGBTQ+ dating app Grindr, seeking damages over a historical case of the company allegedly forwarding users’ HIV status as well as other sensitive data to third-party advertisers.

This data included a user’s HIV status and their last test date, their sexual preferences, and their GPS location – all of which were added to public profiles by users and later gathered up by Grindr’s trackers.

The Norwegian Data Protection Authority (NO DPA) fined Grindr 65 million Norwegian kroner in 2020 ($5.9 million at today’s exchange rate) for violating GDPR’s consent rules. NO DPA’s case didn’t mention any violations regarding the sharing of HIV data or information about a user’s sexual preferences. However, it ruled that third parties had received a user’s GPS location, IP address, advertising ID, age, gender, and the fact that they used the app, and concluded that Grindr had disclosed user data to third parties “for behavioural advertisement without a legal basis.”

The Electronic Privacy Information Center (EPIC) said in October last year it was pushing for the FTC to probe the app maker after finding that it was retaining user data even after accounts were deleted – a practice Grindr’s privacy policy explicitly says it wouldn’t do.

  • FiveMacs
    link
    fedilink
    English
    arrow-up
    109
    arrow-down
    3
    ·
    8 months ago

    Always assume all companies will sell your data regardless of what they say and or claim…why is this hard for people to understand? None of these companies have your interests in mind, they don’t care. It’s all profit.

    • foggy@lemmy.world
      link
      fedilink
      English
      arrow-up
      30
      arrow-down
      1
      ·
      8 months ago

      Love when apps need a govt id to verify id.

      Looking at you, Facebook.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        22
        ·
        8 months ago

        Yeah, not touching that with a 10ft poll.

        The only groups that need my govt details are those who interact with the government, and I don’t want my social media apps to do any of that.

        • seSvxR3ull7LHaEZFIjM@feddit.de
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          1
          ·
          edit-2
          8 months ago

          I discovered what works with Youtube (for age verification) is sending a picture of an ID with everything redacted but the date of birth, so that the date was the one and only thing visible. That worked! Although it could’ve really been anyone’s ID, lol.

            • 4am@lemm.ee
              link
              fedilink
              English
              arrow-up
              5
              ·
              8 months ago

              Not normally but if your account gets reported for being a minor or something they might. Possibly also for receiving money from ad income if you post content as well?

        • foggy@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 months ago

          I told Facebook I wouldn’t even consider taking the picture of my ID, let alone sending it, let alone to them.

    • mark@programming.dev
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      8 months ago

      I get the sense that most people on this platform get it. It’s the people that would never even be on Lemmy to see this advice that I worry about. Those are the ones that need to keep seeing these posts and comments like yours.

      • cybersin@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        Exactly. It’s absurd that we allow companies to get away with shit like this.