Hundreds of users of gay dating app Grindr have alleged that the company shared their personal information, including their HIV status, with third parties, a law firm said Monday.
Austen Hayes said it is filing a massive data protection lawsuit in London’s High Court and claimed thousands of Grindr users in the UK could be affected.
The firm alleges that highly sensitive information, including users’ HIV status and the date of their latest HIV test, was provided to third parties for commercial purposes.
It said about 670 people had signed the lawsuit over violations that occurred between 2018 and 2020, with potentially thousands more to join the case.
Chhaya Hanumanji, managing director of Austen Hayes, said in a statement: “Grindr is grateful to the LGBTQ+ community for its actions to compensate those whose data was compromised and who suffered as a result, And to ensure that all its users are safe when using the app.” Wherever they are, without the fear that their data may be shared with third parties.”
A spokesperson for Grindr said: “We are committed to protecting our users’ data and complying with all applicable data privacy regulations, including in the UK.
“We are proud of our global privacy program and we take privacy extremely seriously.
“We intend to respond vigorously to this claim, which appears to be based on a misrepresentation of practices dating back more than four years, before the beginning of 2020.”
Read more from Sky News:
Hugh Edwards resigns from BBC
Warwick Davis apologizes after social media post causes concern
This isn’t the first time Grindr’s data security practices have come under scrutiny.
In 2021, it was Fined £5.5m by the Norwegian authorities on the management of personal user data.
The country’s Data Protection Authority (DPA) found that it broke GDPR rules by sharing data including GPS location, user profile information and even the fact that users are on Grindr, which could reveal their sexual orientation. and hence requires special protection.
Grindr was also reprimanded by the UK Information Commissioner’s Office (ICO) in 2022 for “failing to provide effective and transparent privacy information to its UK data subjects in relation to the processing of their personal data”.