Grindr faces lawsuit over alleged data breach involving users’ HIV status
Gay dating app Grindr faces a lawsuit in the English High Court over an alleged major data breach, which involved users’ HIV status.
A claim is expected to be filed at the High Court today against Grindr over an alleged breach of the Data Protection Agreement (DPA), breach of the General Data Protection Regulation (GDPR), and the misuse of private information.
The alleged data breach included highly sensitive information about people’s HIV status and latest tested date.
The claim is brought by Austen Hayes, a legal business that is part of the AIM-listed professional services group Gateley.
Austen Hayes said that it has been investigating allegations that Grindr breached data protection laws by sharing users’ personal and sensitive data for profit with third party advertising companies.
Back in 2021, the Norwegian Data Protection Authority hit the dating app with a 100m krona (£8.5m) fine over breach of data. The regulator found Grindr had illegally disclosed user data to advertising firms.
A year after, the UK Information Commissioner’s Office issued Grindr with a reprimand after finding that it had infringed the UK GDPR.
The dating app agreed to go public in a $2.1bn (£1.7bn) SPAC deal in 2022, which came to fruition in November 2022 when Grindr went public on the New York Stock Exchange.
Now, the dating app faces legal action in England. The claim stated that Grindr unlawfully processed and shared users’ data with third parties, including advertising companies Localytics and Apptimize.
Austen Hays further claims that these third parties either served the advertisements themselves or acted as ‘adtech’ intermediaries, potentially passing on data to fourth parties. The claim alleges that third/fourth parties may have retained some of the shared data for their own purposes after the advertisement had been served.
Additionally, the claim further alleges that Grindr received payment or commercial benefits from the third and fourth parties with whom it shared users’ personal data as a source of revenue in exchange for such sharing.
There are currently 670 claimants already signed up to the claim. It is understood that Austen Hayes will apply to the court for a Group Litigation Order (GLO) down the line.
Commenting on the claim, Chaya Hanoomanjee, Austen Hays managing director and leading lawyer said: “Our clients have experienced significant distress over their highly sensitive and private information being shared without their consent, and many have suffered feelings of fear, embarrassment and anxiety as a result.”
“Grindr owes it to the LGBTQ+ community it serves to compensate those whose data has been compromised and have suffered distress as a result, and to ensure all its users are safe while using the app, wherever they are, without fear that their data might be shared with third parties.”
“Grindr users who think they may be affected by this breach should join the claim so that we can seek redress for them,” she added.
A spokesperson for Grindr said: “We are committed to protecting our users’ data and complying with all applicable data privacy regulations, including in the UK. We are proud of our global privacy program and take privacy extremely seriously. We intend to respond vigorously to this claim, which appears to be based on a mischaracterisation of practices from more than four years ago, prior to early 2020.”
The story was updated to include Grindr’s comments.