A class-action lawsuit against LGBTQ+ dating and hookup app Grindr claims that thousands of users’ data in the UK, including their HIV status, has been shared with third parties. The lawsuit, filed on Monday by British law firm Austen Hays, accuses Grindr of violating British data protection laws by sharing sensitive information with third parties without users’ consent.
The information disclosed included users’ HIV status, as well as data on their ethnicity, sex life, and sexual orientation. Austen Hays claims that the data breaches occurred before April 2018 and between May 2018 and April 2020, «although they may extend to subsequent periods».
The data was transferred to the advertising companies Localytics and Apptimize, which, according to the law firm, «will allow a potentially unlimited number of third parties to target and/or customize ads to» users. Grindr received payment from third and fourth parties with whom the company shared personal data and also retained some of that data.
More than 670 plaintiffs have already joined the class action, and Austen Hays says there are thousands more interested in joining. The company says that the victims could receive thousands of pounds if the case is successful, «given the seriousness of the breach». Violation of data privacy rules can lead to significant fines for the company.
Grindr has already been penalized for data breaches in the past. In December 2021, the company was fined 65 million Norwegian kroner, or about $6 million, after it was found to have disclosed personal data to third parties for advertising without legal grounds. In 2022, the UK Information Commissioner’s Office also reprimanded the company after it found that it had violated the UK General Data Protection Regulation.
Source: Business Insider