Popular dating apps like Grindr, OkCupid and Tinder are sharing users' intimate details with dozens of advertising and marketing companies in ways that may violate privacy laws, a new study has found.
The leaked data includes information that could indicate the users' sexual preferences and behavior, as well as other details like age, gender, birthdays, location data, IP address and ID numbers associated with smartphones, which can be traced back to an individual.
Which apps are guilty of sharing intimate information?
Grindr, the world's most popular gay dating app, shared user-tracking codes and user history to more than a dozen companies, which presumably will target users based on their sexual orientation, according to the report, which was published by the Norwegian Consumer Council (NCC).
The New York Times found that Grindr also shared a user's location data with numerous companies, which in turn would then share the data with several other businesses. Researchers also discovered that the OkCupid dating app leaked a user's ethnicity and personal answers to personal profile questions like "Have you used psychedelic drugs?" to a company that customizes marketing messages to be sent to users.
A company called Braze received information from OkCupid and Grindr used by people for matchmaking purposes including details about sexuality, political views, and drug use. Another app called Perfect365, a photo-editing and makeover app, also sent users' GPS data to more than 70 companies.
The other apps found to be sharing user information with other companies include dating apps like Happn and Tinder, as well as menstrual-cycle tracking and ovulation calendar apps like Clue and MyDays. The list also includes the religious app Muslim - Qibla Finder, which shows Muslims what direction to face while praying; the children's app My Talking Tom 2; and the keyboard app Wave Keyboard.
Which companies are receiving the information?
The list of companies that are receiving your personal information include big names like Amazon, Facebook and Google, but most of them are unheard of such as AppsFlyer, Fysical, and Receptiv. Many of these companies make money by compiling details about individual consumers and build comprehensive profiles in order to target personalized ads.
Are they violating privacy laws?
The privacy policies of these apps usually make it clear that their data will be shared with third parties, but experts believe these policies do not share enough information with users before they choose to give meaningful consent.
For instance, Grindr's privacy policy says its advertising partners "may also collect information directly from you". The policy goes on to explain that the ways the third parties collect, use or share your information is regulated by their own privacy policies, but it doesn't specify the names of the companies, should you choose to investigate further.
Companies like Braze state that they may pass on your information to additional companies, which forms an invisible chain reaction of data-sharing. Even if you had the time to read through all the privacy policies, you wouldn't know where to look
"These practices are both highly problematic from an ethical perspective, and are rife with privacy violations and breaches of European law," said Finn Myrstad, the director of digital policy at the NCC in a press release (Via Consumer Reports).
The NCC report comes just two weeks after California enforced a broad new consumer privacy law that requires companies that monetize users' personal information to allow them to easily stop the spread of their information.
Moreover, regulators in the European Union are also stepping up enforcement of their own data protection law, which prohibits companies from collecting personal information related to the users' religion, ethnicity, sexual orientation, sex life and other sensitive subjects without their explicit consent.