Some of the most popular dating apps have been accused of playing fast and loose with particularly sensitive data. The Norwegian Consumer Council has published a report accusing Grindr, OKCupid and Tinder of spreading various degrees of information about GPS location, sexuality and other personal information in irresponsible ways. While Grindr has vowed not to share HIV statuses and some sexual gropu identification with ad partners, it transmits user tracking info and the app's name to over a dozen companies, effectively identifying users as LGBT. OKCupid even sent data on drug use, ethnicity and political views to the analytics firm Braze.
The report also accused ad tech companies of generally serving as go-betweens, particularly Twitter's MoPub. It's used as a "mediator" for Grindr's personal data, the Consumer Council said, passing it along to companies like AT&T's AppNexus and OpenX. They, in turn, reserve rights to share that info to a wide variety of companies. MoPub lists over 160 partners in total -- it's "impossible" for users to offer true consent on how each of those companies uses their data, according to the Consumer Council.
Moreover, most of the apps in the study (including non-dating apps like Muslim - Qibla Finder and the period tracker Clue) don't provide clear info about what you're consenting to or any in-app settings to control what you're sharing. You frequently have to wade through legal documents to understand what's happening, or contact the companies directly to withdraw consent. Grindr and others also tend to use a "mix of legal bases" to handle data collection, making it difficult to know just what methodology is being applied and when.
Accordingly, the Consumer Council and the privacy group Noyb are filing GDPR complaints against Grindr, Twitter, AppNexus, OpenX and two other ad tech firms, AdColony and Smaato. The two privac advocate groups want to "shift the significant power imbalance" between users and third parties and ensure that people can make "informed choices" about how their data is shared, the Consumer Council's Finn Myrstad said.
"Braze takes the security and privacy of its customers' data very seriously and discloses, in compliance with applicable privacy law, how it processes data. We give our customers total and absolute control over what data they share with Braze, and we only collect first-party data. Braze also complies with GDPR, CCPA and other privacy laws, and proactively informs customers of the stringent privacy requirements of the Apple App Store and Google Play policies.