Grindr and a handful of other dating apps are getting publicly pummeled for sharing personal user data, including location data and sexual preferences, with third-party companies.
But Grindr, OKCupid, Tinder and others are not alone. The practice is pervasive among every type of app.
A report released Tuesday by the Norwegian Consumer Council, an Oslo-based nonprofit, found after an analysis of 10 popular apps that none allowed users to make “an informed choice” about how their data would be used, which is a core tenet of Europe’s General Data Protection Regulation.
Grindr, a dating app that serves the gay, bi, trans and queer community, was called out as one of the worst offenders.
Based on its findings, the Norwegian Consumer Council filed a series of complaints with the Norwegian Data Protection Agency alleging GDPR violations against Grindr and several of its ad tech partners, including MoPub, AT&T’s AppNexus, OpenX, Smaato and AdColony.
MoPub and Smaato were quick to distance themselves from Grindr. MoPub disabled Grindr’s account on Monday pending an investigation into the “sufficiency of Grindr’s consent mechanism,” and Smaato blocked all Grindr traffic to its platform “until further notice.” Because of MoPub’s reach as a mediation platform, its move effectively also cuts Grindr off from many of its other ad tech partners.
Yet, “the entire industry is built around this kind of data being shared,” said Eric Seufert, editor of Mobile Dev Memo.
“It’s shocking, perhaps, because of the app that’s being highlighted and the potential personal security issues associated with it but, otherwise, it’s pretty anodyne and it happens with every single app,” Seufert said. “I don’t think it’s fair to single out a business that’s doing the same thing everyone else is doing.”
But, to be fair, you’ve gotta start somewhere. Just because ubiquitous data sharing between apps and third parties is the status quo, doesn’t mean it should be.
Laws such as the GDPR and the California Consumer Privacy Act (CCPA) are starting to shine a light on what it means to gather proper consent and provide consumers with real choice … although the report argues that ad tech is so complex, it’s impossible to architect a viable consent mechanism.
The fact that publishers habitually share their data with multiple different ad networks “is crazy,” said David Philippson, CEO and co-founder of Dataseat, a UK-based startup that helps app developers in-house their programmatic media buying operations.
The underlying question, he said, is what are they doing with the data?
“Hence the issue with Grindr, which was sensitive because of the nature of the application – you might not have had the same reaction if it were a game app,” Philippson said. “But the underlying concern is the same: Advertisers have got to think long and hard about who they are sharing data with and how.”