Jan 15, 2020

Dating apps, menstrual trackers accused of violating European data privacy law

Illustration: Sarah Grillo/Axios

Grindr, OkCupid, Tinder, Qibla Finder and MyDays X are among 10 apps feeding user data — such as ethnicity, location, gender and age — to digital ad companies, nonprofit Norwegian Consumer Council found in a report released on Tuesday.

Why it matters: These dating, prayer guidance and menstrual cycle or fertility tracking apps collect information from some of the most intimate parts of users' lives. The council argues that sharing this data violates a European data protection law that went into effect last year.

What they found: OkCupid sent user data about sexual desires, drug and alcohol use, and political views to analytics company Braze, as well as users' ethnicity and GPS coordinates.

  • Tinder shared users' GPS location and "target gender" — or data on sexual orientation. Facebook and Salesforce got information to track users across different services through advertising IDs, which don't necessarily attach names to data.
  • Grindr, an LGBTQ dating site, shared users' location to AT&T's AppNexus, Twitter's MoPub, OpenX, AdColony and others.
  • MyDays, a period tracker and fertility app, provided users' IP addresses, GPS location and WiFi access point information.

Flashback: Grindr changed its policy of sharing users' HIV status with its third-party vendors last year after initially defending its position.

Our thought bubble, via Axios' Ina Fried: There’s a fundamental disconnect between the amount of information one would normally share with an online service and the information needed to find a compatible mate.

What they're saying: "I think most American, most people, don't realize how much data your phone is generating about you and your life every single day," John Demers, assistant attorney general for national security at the Justice Department, told NBC News. NBC analyzed four popular dating apps, including Grindr and Tinder, to see what information is collected.

  • The Match Group, which owns Tinder and OkCupid, said in a statement that it only shares information in line with the California Consumer Privacy Act and the GDPR, and doesn't commercialize users' data. Match Group's products were not named in NCC companion complaints filed with the Norwegian Data Protection Authority.
  • Grindr did not respond to request for comment. The company told the New York Times in a statement on Tuesday that it had not received a copy of the report and could not comment on its content.

What's next: The council's formal complaints against Grindr, Twitter's ad platform and AT&T's AppNexus could mean fines — like the $57 million penalty slapped on Google in 2018 over telling users how their data is collected.

Go deeper: Location data is ground zero in privacy wars

Editor's note: This piece has been updated with a Match Group statement that its products were not named in NCC companion complaints.

Go deeper

Tinder to debut panic button for when users feel unsafe

Photo: Omar Marques/SOPA Images/LightRocket via Getty Images

Tinder will debut a feature later this month that will allow users to hit a panic button if they feel physically unsafe on a date gone wrong, the Wall Street Journal reports.

Why it matters: Critics have previously called out Tinder for not doing more to ensure the safety of users and filtering out possibly dangerous users, especially following reports of sexual assaults after connections made via the app.

Go deeperArrowJan 23, 2020

Antivirus provider Avast shutters controversial marketing arm

Avast is shutting down a controversial subsidiary that shared anonymized user data with marketing clients.

Driving the news: For years, Avast, which offers users free antivirus services, sold user data to marketers through a subsidiary, according to a report from Motherboard and PC Magazine.

Go deeperArrowJan 30, 2020

Big Tech tries to curb coronavirus misinformation

Illustration: Aïda Amer/Axios

Big Tech companies are responding to the Chinese coronavirus outbreak in two main ways: limiting employee travel to China and trying to make sure their users have access to accurate health information.

Why it matters: Like the virus itself, the spread of misinformation is hard to slow.

Go deeperArrowJan 30, 2020 - Science