UK lawsuit hit Grindr over HIV data sharing—here's how to protect yourself
The LGBTQ+ dating app is accused of allegedly sharing users' sensitive info with ad firms without their consent
Over a thousand Grindr users are suing the tech company in London. The world's largest dating app for the LGBTQ+ community is accused of sharing people's most private and sensitive information, including in some cases HIV status, with third parties for commercial purposes without their consent.
Grindr isn't new to trouble. While increasingly more governments have been banning its usage—it's the second-most banned social media app worldwide, in fact—the way the company handles users' data has also attracted strong criticism since its inception.
While the ongoing legal battle takes its course, for Pride Month 2024 it's crucial to learn how to use the popular dating app more anonymously. Keep reading as I talk more about what's at stake and how tricks like using the best VPN services can help you stay safe.
Grindr UK lawsuit: what's at stake
Austen Hays, the London law firm working on the case, confirmed to TechRadar that approximately 1500 people have now joined the UK lawsuit, with more victims expected to come forward in the next months.
Claimants seek compensation over breaches that allegedly took place between 2018 and 2020. In 2021, the Norwegian Data Protection Authority already fined the tech company over $7 million after an investigation confirmed the misuse of highly sensitive user data.
"The important thing to note about this case is that it's not a leak," Chaya Hanoomanjee, Managing Director at Austen Hays, told me. "The data was shared intentionally, which is why it makes it such a serious claim. It reflects so badly on Grindr because it wasn't an unfortunate incident."
Hanoomanjee refers to other privacy failings involving the LGBTQ+ dating platform. These include Grindr's ex-head of privacy Ronald De Jesus accusing the company of illegally retaining data after people deleted their accounts. He was allegedly fired in January 2023 for raising concerns about the company prioritizing "profit over privacy," Business Insider reported. However, today's CPO of Grindr, Kelly Peterson Miranda, vigorously rejects such claims, deeming the ongoing lawsuit unfair and "a mischaracterization of practices that happened two management teams ago."
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
On her side, though, Hanoomanjee believes that the victims' compensation is still required despite these incidents only being historic, as such data mishandling greatly impacts those affected in many different ways. "Our clients tell us that it has caused them significant distress knowing that their data was shared in the past," Hanoomanjee told me.
Some people, she explained, have felt the pressure to come out with friends and family. Others have felt very unsafe while traveling in countries where being gay is currently a crime.
A gay man, who allegedly had his HIV-positive status shared with commercial parties to feed him tailored ads online, said to the Guardian he felt his personal medical details were treated like "a piece of meat."
At the time of writing, the law firm is still investigating whether or not privacy violations actually stopped in 2021—after Norwegian authorities confirmed that illegal data practices occurred.
Grindr may have shared or sold your data to third parties without your consent.Demand Justice by joining our class action👇https://t.co/s3PDFvkKER#DataPrivacy #GrindrClassAction pic.twitter.com/FV0WkCqC60May 30, 2024
Grindr's CPO ensures that that information was only shared with two service providers, with the purposes of "rolling and monitoring the feature" and in an "encrypted manner." She added that this is and was clearly stated in the company's privacy policy.
Today's Grindr's Privacy Policy does indeed state that the app "shares Personal Information with a number of third-party partners," including service ad and marketing partners among others. However, as previously confirmed by Norwegian authorities, the app has been accused of breaching privacy laws in the past by failing to secure explicit consent to process sensitive personal data, including medical data.
Moreover, even though Grindr's Privacy Policy may now be more clear about data sharing practices, Hanoomanjee also believes the company should be realistic about the fact that not many people take time to read terms and conditions in full before signing in for a service.
"If you are advertising yourself as a safe place for the LGBTQ community to meet, I would question the need to share this data at all," she told me. "Our clients have told us to date they would certainly not be comfortable with their identity or anything being shared with any other parties."
It is worth noting, though, that at the time of writing, the latest version of Grindr's Privacy Policy, which results updated about a year ago (22/06/2023), also reads: "For the avoidance of doubt, Grindr only shares HIV status, Last Tested Date, and vaccination status with necessary Service Providers such as companies that host data on our behalf (i.e., Amazon Web Services) or help in processing data access requests you initiate ( i.e., PartnerHero)."
How to boost your privacy on Grindr
While the UK lawsuit is still ongoing—and we could expect its outcome not to be revealed anytime soon—it's crucial for you to learn how to stay more anonymous when using the platform.
Whether or not the company violates privacy regulations, the point is that every time you use a digital service like Grindr, you agree that some of your data will be tracked and used. However, you can still take some steps to better protect your identity online.
First and foremost, Hanoomanjee strongly recommends reading the terms and conditions and privacy policy of the chosen service upfront. This will help you to determine for yourself whether or not you're willing to accept the company's conditions. "I think it's important to go into dating apps, particularly Grinder, with your eyes open as to what might happen with your information," she said.
Gay, bisexual, transgender, and queer people across 13 countries worldwide cannot access the popular app unless using a secure VPN or similar IP-spoofing service. This includes countries such as Iran, Lebanon, Oman, Qatar, Saudi Arabia, Türkiye, the UAE, China, Indonesia, Pakistan, and, from last year, also Jordan and Tanzania. Malaysia joined the list of countries banning Grindr on April 17, 2024.
Furthermore, while some pieces of information like date of birth, email address, or phone number are essential to set up an account, other details such as HIV status, profile pictures, and location are all optional—although "failing to provide certain information may impact the functionality of certain services," the company explains. It's therefore worthwhile carefully evaluating your level of risk and minimizing the data sharing as much as possible.
Be mindful, though, that when it comes to location details, the company may continue to display your profile based on your relative distance from other users, even if you choose to hide your distance information. You then have to revoke the location-sharing permission directly from your device settings.
Using reliable VPN software is also vital to using the app more anonymously, and I strongly recommend doing so especially if you live in a country with a negative track record against the LGBTQ+ community. A VPN, short for virtual private network, encrypts your internet connections and spoofs your IP address. This prevents the collection of some of those invisible digital traces that would otherwise be collected about you and your activities.
Last, but not least, you should always be extremely cautious about giving out personal data when chatting with other users. For instance, a Tory MP was recently caught in a sexting phishing scandal where he was manipulated into giving away colleagues' phone numbers via the app.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com