A number of popular apps, including OKCupid and Grindr, have been irresponsibly sharing highly personal user information with third parties, according to a report by the Norwegian Consumer Council (NCC).
The investigation suggests that these apps could potentially be in breach of EU data protection laws. The report described the “data sharing and processing” of the adtech industry as “out of control” despite laws meant to “limit most, if not all, of the practices identified”.
NCC researchers examined ten Android apps, which they say were transferring data to at least 135 third parties.
Gay dating app Grindr was found to be sharing information, including users’ IP addresses, GPS locations, age and gender with third party advertisers and profiling firms.
OKCupid apparently shared sensitive data about its users’ drug use, political views and sexuality. The collection of this type of information is illegal unless the user has given explicit consent
Facebook, Google and Twitter along with a number of smaller firms were found to be receiving data from the apps, according to the NCC.
“These practices are out of control and in breach of European data protection legislation, said Finn Myrstad of the NCC. “The extent of tracking makes it impossible for us to make informed choices about how our personal data is collected, shared and used.”
Targeting people based on their political views is illegal in the UK, and US-based Google claims it does not allow advertisers to target UK citizens based on their political views, religion, sexual orientation or membership in a trade union.
Grindr said it has not examined the report, while OKCupid owner Match Group said it only shared necessary data to provide its services.
- TSB Opening High-Tech IT Centre in Edinburgh, Creating 100 Digital Jobs
- Police Scotland Begins Roll-out of Controversial Cyber Kiosk Devices
- Money Advice Scotland to Pilot New Open Banking Tool
A spokesperson for the group, which also owns Tinder, said: “Tinder and OkCupid use third party providers to assist with technical operations and providing our overall services, similar to all other apps and online platforms.
“For example, OkCupid uses Braze to manage communications to its users about its services. We only share the specific information deemed necessary to operate our platform, in line with the applicable laws including GDPR and CCPA.
“All Match Group products obtain from these vendors strict contractual commitments that ensure confidentiality, security of users’ personal information and strictly prohibit commercialisation of this data.”
Jim Killock, the executive director of digital rights organisation the Open Rights Group, said: “This report shows that the most sensitive facts about people’s personal lives are being shared in irresponsible and unlawful ways through people’s mobile phones.
“The regulators have the power to investigate and protect people’s privacy. The UK’s Information Commissioner is absolutely key, as many mobile apps are businesses based in the UK. That is why we have called on her to investigate today.”