“It is surprisingly and disturbingly cheap to obtain location data derived from mobile phones,” Davisson said. “It’s easy enough that a determined party can do it.”
U.S. Sen. Ron Wyden, an Oregon Democrat, said the incident confirms yet again the dishonesty of an industry that falsely claims to safeguard the privacy of phone users.
“Experts have warned for years that data collected by advertising companies from Americans’ phones could be used to track them and reveal the most personal details of their lives. Unfortunately, they were right,” he said in a statement. “Data brokers and advertising companies have lied to the public, assuring them that the information they collected was anonymous. As this awful episode demonstrates, those claims were bogus — individuals can be tracked and identified.”
Wyden and other lawmakers asked the FTC last year to investigate the industry. It needs “to step up and protect Americans from these outrageous privacy violations, and Congress needs to pass comprehensive federal privacy legislation,” he added.
Norway’s data privacy watchdog concluded earlier this year that Grindr shared personal user data with a number of third parties without legal basis and said it would impose a fine of $11.7 million (100 million Norwegian krone), equal to 10% of the California company’s global revenue.
The data leaked to advertising technology companies for targeted ads included GPS location, user profile information as well as the simple fact that particular individuals were using Grindr, which could indicate their sexual orientation.
The advertising partners that Grindr shared data with included Twitter, AT&T’s Xandr service, and other ad-tech companies OpenX, AdColony and Smaato, the Norwegian watchdog said. Its investigation followed a complaint by a Norwegian consumer group that found similar data leakage problems at other popular dating apps such as OkCupid and Tinder.
In a statement, Grindr called The Pillar’s report an “unethical, homophobic witch hunt” and said it does “not believe” it was the source of the data used. The company said it has policies and systems in place to protect personal data, although it didn’t say when those were implemented. The Pillar said the app data it obtained about Burrill covered parts of 2018, 2019 and 2020.
This article originally appeared here.