TikTok tracked user’s Grindr activity in violation of European law, rights group alleges
TikTok and the gay dating app Grindr are violating European data protection laws by tracking user activities across apps, a digital rights organization alleged Wednesday.
One of the complaints from the Vienna-based digital rights organization None of Your Business (noyb) says that TikTok acknowledged under pressure that it tracked a user’s activities on Grindr as well as other apps.
Europe’s General Data Protection Regulation (GDPR) gives individuals special protections for data involving sensitive information, including sexual orientation. The complainant also did not give TikTok explicit consent to process data relating to his activities off the app, a complaint says.
TikTok could even see which items the complainant added to a shopping cart on an app other than Grindr, according to noyb.
The man says he repeatedly asked TikTok to tell him how his data was being used, something companies are required to do under European law. The platform allegedly gave the man incomplete and hard to understand information in response to his data access requests on multiple occasions, noyb said in two complaints filed December 9.
The Israeli online data broker AppsFlyer “likely” facilitated the unauthorized data sharing, noyb said. AppsFlyer and Grindr are subjects of one of the complaints alongside the ByteDance-owned TikTok.
Spokespersons for TikTok, Grindr and AppsFlyer did not immediately respond to a request for comment.
“Like many of its US counterparts, TikTok increasingly collects data from other apps and sources,” Kleanthi Sardeli, a data protection lawyer at noyb, said in a statement. “The fact that data from another app revealed this user’s sexual orientation and sex life is just one of the more extreme examples.”
The organization has had significant legal successes in the past. Its complaints have spurred European data privacy regulators to fine several tech companies in recent years, including Google, Meta, Spotify, Grindr and Netflix. At the end of 2023, Meta was fined € 1.2 billion ($1.4 billion) and ordered to no longer transfer Europeans’ personal data to the U.S. as the result of a noyb complaint.
TikTok was fined €530 million ($622 million) by Irish regulators in May for how it transferred European users’ data to China and for failing to follow the GDPR’s transparency requirements about the transfers.
Grindr is currently being sued for allegedly sharing users’ HIV status with third parties without obtaining their consent.
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.