Report: Grindr, OkCupid, and Tinder are all sharing sensitive user data with third parties

When downloading dating apps, users put a great deal of trust in companies to protect some of their most sensitive data. That trust is unwarranted, according to a new report from The New York Times. Grindr, OkCupid, and Tinder are reporting user data to at least a dozen companies, based on research from the government-funded Norwegian Consumer Council.

The Norwegian Consumer Council has filed complaints today asking that Grindr and five ad tech companies be investigated for violating European data protection laws.

While not exactly surprising — remember when Grindr sent users’ HIV statuses to third-party companies? — this kind of broad personal data-sharing is still a disappointing breach of user privacy. Much of this information could have serious implications for users if it fell into the wrong hands.

Way too much sensitive info is being shared — The amount of precise data being shared by these dating apps is staggering. The research shows that Grindr, for example, shares user-tracking codes along with the app’s name to third parties, essentially flagging users’ sexual orientation for advertising purposes. Grindr also shares users’ precise locations; the NYT’s tests showed exact latitude and longitude being sent to five different companies.

OkCupid was shown to have shared users’ ethnicities and answers to very personal profile questions with more than 300 marketing companies. Tinder, for its part, is sending users’ genders and the genders they mark as “looking for” to at least two marketing companies as well.

Preliminary responses are not promising — So far none of the companies involved have issued anything close to apologies or displays of shame.

Match Group, the company that owns OkCupid and Tinder, said it works with companies to ensure only the most necessary data is being shared with third parties. The statement goes on to say the company has complied with all privacy laws and has strict contracts to keep user data secure.

Grindr says it hasn’t yet received a copy of the report and for that reason could not comment on the content. Instead, the company stated vaguely that Grindr values users’ privacy and had described its data practices in its privacy policy.

A crucial time for privacy law — App creators work closely to ensure they aren’t breaking any laws, often exploiting loopholes to profit off of users’ sensitive data. This is most apparent in apps such as those for dating, where users really put themselves out there by sharing so much personal information. Some places are making moves on this front — California’s new privacy law is a good example of progress in this area — but policymakers are not moving quickly enough to keep up with internet growth. This data-sharing can have serious, real-world consequences for users, and policymakers will need to catch up quickly to protect them.