On Monday, the news website Buzzfeed released a story revealing Grindr , the gay hookup app, was sharing personally identifiable information, including HIV status information with third parties. Grindr is one of the most popular gay hookup apps on the market, with over 3.6 million daily active users. Buzzfeed learned that Grindr was sharing certain pieces of user information with two companies, Apptimize and Localytics, companies that operate in the background to help Grindr optimize their user experience. (Note: In a statement, Grindr have said they will no longer be sharing HIV status information with third parties).
Later the same day, Grindr released a public post to address the story and set out four points intended to clear up any misinformation around Buzzfeed’s story. Rather than admitting they had made mistakes and laying out how they would address them, they took a defensive approach, shifting responsibility onto their users. Here I will discuss these four statements and unpack them in an attempt to understand what went wrong.
1. Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.
It is important to be honest with users about what information is being shared, who this information is being shared with, and for what purpose. Grindr states here that they never sell personally identifiable user data to third parties. However, they do not address non-identifiable data. Non-identifiable data is the same data but anonymized. What does this mean? Simply put, it means the same data but with any uniquely identifiable attributes, such as your name or your e-mail address removed. Non-identifiable data is still very valuable, but history has shown us that it can often be de-anonymized when correlated with other data sets. Whilst Grindr and similar companies give reassuring messages to users that their personally identifiable information is not sold, more transparency is needed around non-identifiable data. How is it shared? With whom? And for what purpose? And importantly, how is it protected to prevent it from being de-anonymized in the future?
2. As an industry standard practice, Grindr does work with highly-regarded vendors to test and optimize how we roll out our platform. These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.
3. When working with these platforms we restrict information shared except as necessary or appropriate. Sometimes this data may include location data or data from HIV status fields as these are features within Grindr, however, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.
Social media companies share data with third parties. There is a whole industry that runs behind large companies like Grindr which support them in various different ways, from analytics helping them improve their software, to payment system allowing them to invoice customers. It is important to recognize the value of these third parties. In many ways they are the hidden companies of the Internet, we use their services each day but few of us have ever heard their names. Ever heard of Cloudflare? Probably not, but I could almost guarantee that you have used their services multiple times today without realizing it. If we are to accept that sharing of personal data with third parties is valuable and here to stay, how can companies like Grindr share user data without violating privacy expectations? Firstly, they need to move away from the current “better to beg for forgiveness than to ask for permission” model of managing user data, especially in Grindr’s case where begging is replaced with blaming.
Going forward, perhaps social media companies could employ a simple privacy rule when evaluating decisions related to users’ personal data. “If a user would be surprised by how their personal data is being used, something is broken”. No user should ever be surprised by how their data is being shared, however legally compliant the sharing of that information is. Users should be appropriately informed prior to consenting to how their data is being used and clearly Grindr’s current model is broken. After all, companies should be applying an ethical test, as well as a legal test to their data sharing practices.
I don’t know the reason behind Grindr’s decision to share their users’ HIV status information with third parties. Perhaps it allowed them to make more appropriate advert targeting, avoiding insensitive adverts for HIV testing and PrEP to HIV positive users. Whatever the reason, Grindr has failed to be transparent with its users and has taken no responsibility for this failing. Grindr has built a community, and in order for it survive it must respect the privacy of that community which means considering both the legal and ethical aspects to data sharing. It needs to be open and honest with users on how their data is being used, otherwise it will lose their trust. Once trust is gone, even begging will not help.