Grindr Faces Heat for Sharing Users' HIV Status with Other Companies

At a time when social media platforms are increasingly under the scanner for their data collection practices, gay dating app Grindr is facing criticism for sharing users' HIV status with other companies without their explicit consent. Norwegian research group SINTEF analysed the app's traffic and found that HIV status, which users can optionally include in their profile, is sent to third-parties like Apptimize and Localytics (in HTTPS) without informing the users of the same.

Reading through the company's privacy policy, Grindr warns users to be mindful of the kind of information they include in their profile, although nowhere does it explicitly state if it shares them with other companies (emphasis mine):

Profile Information. We may collect Personal Data from you. For example, in the Grindr App, we may collect your photo, display name, relationship status, ethnicity, age or date of birth, geo-location data, email address, password for the Grindr Services, height, weight, social network link, “Looking For,” “About Me,” “Favorites,” “Blocks,” “Tribes” and any other information that you voluntarily add to your profile on the Grindr App or that is generated through your use of the Grindr Services. You may also have the option to provide information concerning health characteristics, such as your HIV status or Last Tested Date. Remember that if you choose to include information in your profile, and make your profile public, that information will also become public. As a result, you should carefully consider what information to include in your profile.

Third Party Tracking Companies. We may share your hashed Device ID, Profile Information, Distance Information, and demographic information with our advertising and analytics partners. These third parties may also collect information directly from you as described in this Privacy Policy. The privacy policy of these third party companies applies to their collection, use and disclosure of your information. For example, one of our many partners is Google Analytics which collects information anonymously and report website trends without identifying individual visitors.

Third Party Service Providers. We may share your Personal Data with third party service providers to: provide you with the Grindr Services; conduct quality assurance testing; provide technical support; and/or to provide other services to Grindr. Except as otherwise stated in this Privacy Policy, these third party service providers are required by contract not to use your Personal Data other than to provide the services requested by Grindr.

But, as Buzzfeed points out, "the average person may not know or understand what they've agreed to in the fine print. Some experts argue that Grindr should be more specific in its user agreements about how it's using their data." The incident also comes close on the heels of a similar privacy flap last week that exposed Grindr users' location to third-parties, raising concerns about it handles sensitive personal information, especially in countries where homosexuality is criminalised.

In a statement to TechCrunch, Grindr responded by stating that it never will "sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers... As an industry leader and champion for the LGBTQ community, Grindr, recognizes that a person’s HIV status can be highly stigmatized but after consulting several international health organizations and our Grindr For Equality team, Grindr determined with community feedback it would be beneficial for the health and well-being of our community to give users the option to publish, at their discretion, the user’s HIV Status and their Last Tested Date. It is up to each user to determine what, if anything, to share about themselves in their profile."

Update: Axios is now reporting that Grindr will stop sharing HIV status with third-parties.