WASHINGTON, April 5, 2018 — As Facebook users continue to learn more about how the social networking pioneer allowed third parties to gain access to contact information, lists of friends, interests, and other information, the companies behind another social networking app are beginning to face scrutiny over whether they allowed far more sensitive information to fall into the hands of third parties.
In a letter to the company’s interim CEO released Tuesday, Senators Ed Markey, D-Mass., and Richard Blumenthal, D-Conn. inquired as to whether the makers of Grindr — a social networking and dating app used by gay and bisexual men — allowed third parties to gain access to information users provided about their HIV status as well as other personal information.
“Grindr collects highly personal information about its users — information as sensitive as their health, sexual orientation, sexual preferences, and geolocation,” the senators wrote.
“Simply using an app should not give companies a license to carelessly handle, use, or share this type of sensitive information. Grindr and those with whom it shares its users’ sensitive data has an obligation to both protect this data and ensure users have meaningful control over it.”
The Grindr app allows users to locate other self-identified gay or bisexual men around them, listing them by the GPS geolocated distance from the user. Like many dating apps, users can set up profiles which include their age, gender, height, weight and ethnicity among other parameters, and use a search function to only view the users whose profiles include the desired parameters.
Unlike most dating apps, however, two of those parameters are a user’s HIV status and the date of the user’s last HIV test. Information on Americans’ HIV status is largely protected by the 1996 Health Insurance Portability and Accountability Act — better known as HIPPA — however such regulations would not presumably apply to medical data that users provide voluntarily to a social networking app.
A Norwegian research organization found sensitive data sent to third parties
In-app notices from the company to Grindr users assures that their personal information is never shared. But an analysis of Grindr app traffic by SINTEF, a Norwegian research outfit, found that both HIV status and test date data is included in packets sent to two companies that offer services for testing and improving mobile apps, Apptimize and Localytics.
In their letter to Grindr, Sens. Markey and Blumenthal request responses by April 17 on a number of topics, including whether Grindr obtains “affirmative opt-in consent to use, share, or sell” users’ personal information — including HIV status and last test date — and whether Grindr imposes any requirements or restrictions on the third parties with whom it shares data.
The aenators also sent identical letters with identical queries to executives at Apptimize and Localytics.
Big scrutiny for big data since Cambridge Analytica 'data spill'
Social network privacy has been under scrutiny following disclosures regarding Cambridge Analytica, the “big data” firm employed by President Trump’s 2016 campaign.
The company, a subsidiary of the UK-based SCL Group, obtained the data of millions of Facebook users under the pretense of a personality test, which was later used to target voters with ads based on their likes, friend lists, and other information. Facebook executives on Wednesday revealed that up to 87,000,000 Americans’ data may have been obtained by third parties.
Founder and CEO Mark Zuckerberg said that he will explain the company’s actions — or lack thereof — during a joint hearing of the Senate Commerce and Judiciary Committees next week.
(Photo by Jared King of Navajo Nation used with permission.)