UK lawsuit hit Grindr over HIV data sharing—here's how to protect yourself

Over a thousand Grindr users are suing the tech company in London. The world's largest dating app for the LGBTQ+ community is accused of sharing people's most private and sensitive information, including in some cases HIV status, with third parties for commercial purposes without their consent.

Grindr isn't new to trouble. While increasingly more governments have been banning its usage—it's the second-most banned social media app worldwide, in fact—the way the company handles users' data has also attracted strong criticism since its inception.

While the ongoing legal battle takes its course, for Pride Month 2024 it's crucial to learn how to use the popular dating app more anonymously. Keep reading as I talk more about what's at stake and how tricks like using the best VPN services can help you stay safe.

Grindr UK lawsuit: what's at stake

Austen Hays, the London law firm working on the case, confirmed to TechRadar that approximately 1500 people have now joined the UK lawsuit, with more victims expected to come forward in the next months.

Claimants seek compensation over breaches that allegedly took place between 2018 and 2020. In 2021, the Norwegian Data Protection Authority already fined the tech company over $7 million after an investigation confirmed the misuse of highly sensitive user data.

"The important thing to note about this case is that it's not a leak," Chaya Hanoomanjee, Managing Director at Austen Hays, told me. "The data was shared intentionally, which is why it makes it such a serious claim. It reflects so badly on Grindr because it wasn't an unfortunate incident." 

Hanoomanjee refers to other privacy failings involving the LGBTQ+ dating platform. These include Grindr's ex-head of privacy Ronald De Jesus accusing the company of illegally retaining data after people deleted their accounts. He was allegedly fired in January 2023 for raising concerns about the company prioritizing "profit over privacy," Business Insider reported. However, today's CPO of Grindr, Kelly Peterson Miranda, vigorously rejects such claims, deeming the ongoing lawsuit unfair and "a mischaracterization of practices that happened two management teams ago."

On her side, though, Hanoomanjee believes that the victims' compensation is still required despite these incidents only being historic, as such data mishandling greatly impacts those affected in many different ways. "Our clients tell us that it has caused them significant distress knowing that their data was shared in the past," Hanoomanjee told me. 

Some people, she explained, have felt the pressure to come out with friends and family. Others have felt very unsafe while traveling in countries where being gay is currently a crime. 

A gay man, who allegedly had his HIV-positive status shared with commercial parties to feed him tailored ads online, said to the Guardian he felt his personal medical details were treated like "a piece of meat."

At the time of writing, the law firm is still investigating whether or not privacy violations actually stopped in 2021—after Norwegian authorities confirmed that illegal data practices occurred.

Grindr's CPO ensures that that information was only shared with two service providers, with the purposes of "rolling and monitoring the feature" and in an "encrypted manner." She added that this is and was clearly stated in the company's privacy policy. 

Today's Grindr's Privacy Policy does indeed state that the app "shares Personal Information with a number of third-party partners," including service ad and marketing partners among others. However, as previously confirmed by Norwegian authorities, the app has been accused of breaching privacy laws in the past by failing to secure explicit consent to process sensitive personal data, including medical data.

Moreover, even though Grindr's Privacy Policy may now be more clear about data sharing practices, Hanoomanjee also believes the company should be realistic about the fact that not many people take time to read terms and conditions in full before signing in for a service. 

"If you are advertising yourself as a safe place for the LGBTQ community to meet, I would question the need to share this data at all," she told me. "Our clients have told us to date they would certainly not be comfortable with their identity or anything being shared with any other parties." 

It is worth noting, though, that at the time of writing, the latest version of Grindr's Privacy Policy, which results updated about a year ago (22/06/2023), also reads: "For the avoidance of doubt, Grindr only shares HIV status, Last Tested Date, and vaccination status with necessary Service Providers such as companies that host data on our behalf (i.e., Amazon Web Services) or help in processing data access requests you initiate ( i.e., PartnerHero)."

How to boost your privacy on Grindr

While the UK lawsuit is still ongoing—and we could expect its outcome not to be revealed anytime soon—it's crucial for you to learn how to stay more anonymous when using the platform.

Whether or not the company violates privacy regulations, the point is that every time you use a digital service like Grindr, you agree that some of your data will be tracked and used. However, you can still take some steps to better protect your identity online.

First and foremost, Hanoomanjee strongly recommends reading the terms and conditions and privacy policy of the chosen service upfront. This will help you to determine for yourself whether or not you're willing to accept the company's conditions. "I think it's important to go into dating apps, particularly Grinder, with your eyes open as to what might happen with your information," she said.

Furthermore, while some pieces of information like date of birth, email address, or phone number are essential to set up an account, other details such as HIV status, profile pictures, and location are all optional—although "failing to provide certain information may impact the functionality of certain services," the company explains. It's therefore worthwhile carefully evaluating your level of risk and minimizing the data sharing as much as possible.

Be mindful, though, that when it comes to location details, the company may continue to display your profile based on your relative distance from other users, even if you choose to hide your distance information. You then have to revoke the location-sharing permission directly from your device settings. 

Using reliable VPN software is also vital to using the app more anonymously, and I strongly recommend doing so especially if you live in a country with a negative track record against the LGBTQ+ community. A VPN, short for virtual private network, encrypts your internet connections and spoofs your IP address. This prevents the collection of some of those invisible digital traces that would otherwise be collected about you and your activities.

Last, but not least, you should always be extremely cautious about giving out personal data when chatting with other users. For instance, a Tory MP was recently caught in a sexting phishing scandal where he was manipulated into giving away colleagues' phone numbers via the app.