If you’ve ever used dating apps, you may agree that they can be a bit of a … well, grind. But on top of worrying about whether a selfie could make or break your love life, some Grindr users may have even more to worry about.
Grindr, a popular dating and social networking app for the LGBTQ+ community, is currently embroiled in a significant legal challenge in the U.K. The lawsuit accuses the company of improperly sharing sensitive user data, including HIV status, with advertisers without their users’ consent. This case highlights critical issues surrounding data privacy and the responsibilities of digital platforms to protect user information.
Grindr’s Privacy Policy
The California-based Grindr is one of the most popular dating apps out that that’s specifically targeted to an LBGTQ+ demographic. With 13 million active users monthly, it describes itself as “the world’s largest social networking app for gay, bi, trans, and queer people.”
Recently, it’s been in the Federal Trade Commission’s (FTC) crosshairs. This federal agency protects consumers by enforcing laws against deceptive and unfair business practices, including those related to consumer data and privacy. They investigate companies (like social media platforms) that might be collecting or using user data in a way that harms consumers, ensuring companies are transparent and respectful of user privacy choices.
The FTC is responsible for enforcing section 5(a) of the FTC Act, a federal law prohibiting unfair or deceptive commerce practices. The FTC also makes its own rules, including the Health Breach Notification Rule. This rule requires covered entities (including Grindr) to notify their users when the security of their personal health records has been breached.
Grindr had a history of holding itself out as a company that cared about its users’ sensitive information; the company’s logo is a mask, and the app is advertised as allowing for anonymity. It doesn’t require users to display their name, age, or photo in their dating profiles — quite different from what many dating apps require. This is because Grindr acknowledged that some of its users may not be “out,” with one survey showing that 18% of the app users are still “in the closet.” The company’s privacy policy alleges that it is committed to user privacy, stating: “Our goal is to put you in control of as much of the Personal Information that you share within the Grindr Properties as possible . . . If you decide to delete your account, your Personal Information will no longer be made available via the Services and will generally be deleted within 28 days.”
The company does disclaim that it shares app users’ personal info to certain third parties. But it says it only shares health information (e.g., HIV status, vaccination status, last tested date) with “necessary service providers” and uses it to send testing reminders to users. It says it does not disclose this information to ad companies. Its Data Retention Policy purports to prohibit third-party providers from indefinitely retaining user data.
However, according to a recent lawsuit, Grindr hasn’t followed these promises.
Check out our free legal resources for more information on HIV discrimination or LGBTQ+ legal issues.
Brits File Class Action
The new lawsuit is a U.K.-based class action that targets incidents reportedly occurring between 2018 and 2020 — before Grindr updated its privacy and user consent guidelines in April 2020.
The class action, filed by London based law firm Austen Hay, involves more than 670 plaintiffs who claim that their private information was unlawfully disclosed. According to the lawsuit, the data shared includes highly sensitive details such as users’ HIV status and sexual orientation. This breach, claimants argue, violated U.K. data protection laws by compromising their privacy and causing them distress.
This lawsuit follows a reprimand from the U.K. Information Commissioner’s Office two years ago, which found that Grindr had failed to provide “effective and transparent privacy information” to its U.K. users regarding the processing of their personal data.
Allegations
Like many other dating apps, Grindr has different “tiers” of functionality. To unlock the feature that allows users to see potential partners in their vicinity, users must share their location data with the app. However, according to an article in the Wall Street Journal, Grindr sold location data to ad networks, including to religious companies such as the Catholic publication The Pillar.
The lawsuit claims that according to Grindr’s former Chief Privacy Officer, the company knew it was violating privacy policies on multiple levels, but didn’t do anything about it. In June 2023, the CPO filed a wrongful termination lawsuit against Grindr, claiming that the company fired him in retaliation for highlighting its privacy violations and pushing for reform of privacy practices. His complaint alleges that even after users delete their accounts, Grindr continues to store user data (including private messages and self-reported HIV status). He claims that Grindr executives were notified about the privacy violations but were not amenable to taking action.
What to Expect
The plaintiffs’ attorneys have suggested that thousands more users may have been affected and could join the class action. They’ve expressed confidence that their plaintiffs could receive substantial compensation due to the severity of the breach.
Grindr has firmly denied the allegations, stating that it has never shared user-reported health information for commercial purposes or monetized their data. A spokesman emphasized the company’s commitment to user privacy and compliance with all applicable data privacy regulations, including those within the U.K.
The case outcome could affect trust in Grindr and similar online apps, potentially prompting users to demand greater transparency and accountability from these platforms.
Related Resources:
Game, Set, Match: Dating App Company Sued for Playing With Your Head (FindLaw’s Law and Daily Life)
Can a Dating Site Be Sued If Your Date Turns Dangerous? (FindLaw’s Law and Daily Life)
Unionized Tech Workers Refuse to Go Back to the Old Grind[r] (FindLaw’s Law and Daily Life)
The post Grindr Faces Lawsuit in U.K. for Misuse of Sensitive User Data appeared first on .