Today is international data protection day, a day to highlight the importance of Data Protection and the right to privacy. But please don’t let that put you off reading further, I appreciate that when you say the words ‘Data Protection’ most people’s eye’s glaze over. And in many ways that’s deserving, it does have a bad rep, but also it’s far more important than that.
Let me ask you a question, are you a user of the app Grindr? If not, then this is just a fascinating article for you. If so, you really do need to be aware of what Grindr has been up to with your data.
When you use these apps, you expect them to take care of the data given that a wide range of people from our community use such apps. Yes for hook-ups, but also for contact and even just reaching out for those in remote communities or those unable to be ‘out’ where they live/work/other.
The knowledge of where a gay/bi/trans/non-binary user is and indeed their data around their personal pictures is something that, if misused, can be used to huge detrimental effect.
Grindr has had a troubled history with its Data Protection and Cyber Security protections. In 2020 a flaw in its security was highlighted to it by a ‘hacker’ and highlighted concerns over some back Cyber Security principles and standards with the online app. As an early user of Grindr, I remember the various bugs, crashes, data quality flaws that the app has faced over the years. This recent flaw highlighted some concerns in basic account security settings for an App that should now be ‘more mature’ in its approach to protecting customer data.
Earlier in 2018, Grindr made headlines as it was revealed that Grindr was owned by a Chinese firm linked (like most Chinese firms seem to be) to the Chinese Government. A regime, claimed by many Countries, to be engaged every minute of every day in cyber warfare. In 2020 the concerns became so much that the Chinese firm announced it was selling its shares in Grindr to a US-based company.
An app that contains location, names, photos, sexuality and HIV status details of millions of users around the globe has had a chequered past of inappropriate data sharing and storage.
This was highlighted again this week after it was announced that the Data Protection Regulator in Norway was intending to fine Grindr NOK100,000,000 (or around €10M or ~$12.1M). If the fine goes ahead, this will be one of the more serious fines under Data Protection (almost 10% of Grindr’s annual turnover last year) that we have seen since the introduction of the GDPR.
The Danish regulator investigated Grindr after a complaint was raised around Grindr’s sharing of personal data, specifically what it tells users and how it’s ‘take it or leave it’ consent is unlawful under Data Protection law.
The investigation found that Grindr was sharing users personal data with third parties for marketing purposes (including location, profile data and the fact the person has an account on Grindr (itself a revealing characteristic)). Grindr states that it informs you, the user, of this and you consent to it. When it has been found that they don’t, as what they do provide you is unclear and misleading in the way it is written.
It’s worth noting that Grindr isn’t the only one to engage in such practices. Several investigations over a range of dating and fertility apps around the globe have revealed some creepy behaviour from the majority of them. Grindr, it would seem, given the context of the platform, is just the most recent to be called out for its poor data sharing practices.
Why you should care about your data
So why is this an issue? Why should you, a ‘motivated’ user, for one thing, care about your Data Protection? The key is choice. Under Data Protection you can choose to use a service and not be subjected to marketing or irrelevant data sharing. You pay or want to use an app to do X or Y or Z. Not to then have your messages, images, profile data and even the fact you are on the app shared with other parties without your knowledge, or indeed consent.
For the vulnerable in our community, Grindr (or other such apps) can be a lifeline to allow them to express themselves and reach others. This practice can only ever be creepy unless you are happy with it and are happy to have your details shared. Knowledge and choice. Such laws are there to go give you, the individual, the power to know, understand and chose what you want to happen and not to be forced into doing it because you have no real choice.
As members of the LGBT community, we know in our history what the power of data can do. It can build and connect; it can also destroy and damage. While I’m not advocating dumping Grindr as this is a chance for them to improve their practices, I encourage you to see Data Protection as more than just a dull legalistic thing. It is every day in everything. Even if you chose to give away your data, which is your right and freedom, at least make an informed choice.
P.S. You might also want to take a look at WhatsApp and Facebook. They wrote the book on being creepy and it’s only getting worse.
Opinions expressed in this article may not reflect those of THEGAYUK, its management or editorial teams. If you'd like to comment or write a comment, opinion or blog piece, please click here.
