Earlier this month, Grindr users learned that the company was sharing sensitive data such as user locations, sexual orientation, and sexual practices as well as HIV status with third parties. Anyone with this sort of information could, with some technical expertise, identify specific users and use it for undesirable or even harmful purposes, such as denying access to health care or a job, for example. Even though most of the information provided in the app was freely given by its users, sharing it with third parties without specific consent amounts to a serious violation of privacy.
Dating apps specifically designed for gay, bi, and transgender men, like Grindr, Hornet, or Scruff, transformed the social dynamics of our community. They enabled gay and bisexual men to find friends and dates everywhere -- lessening the risk of violence and alleviating the discomfort that first connections may cause. The apps have also become a useful tool for men still in the closet, as they make it possible for them to experience gay sex or relationships more easily. In countries where being gay is illegal, these apps did not make gay life easier, but they represented an alternative for those who are in constant fear of state-sponsored persecution.
Like most of the free services on the internet, these apps adopt a business model based on advertising. In order to run targeted ads, they collect data about their users, such as their geolocation, operating system, type of device, pictures, and profile information. Based on this data, companies are able to serve personalized ads, which have an increased value for advertisers. That's how these companies are able to offer free versions of the apps. While premium-version users may be free from seeing ads, they are not free from data collection. Prices they pay merely work as an additional source of revenue. Since gay men are considered to be a “dream demographic” by brands because of their higher-than-average disposable income, even though most users may not be paying to use the apps, they are certainly generating revenue for the companies.
Included in the data these companies collect are very sensitive pieces of information, such as users’ self-declared HIV status. In many ways, the introduction of this feature was an important step forward for our community. Considering that early detection of the virus improves the success rate of the treatment, the apps play an important public health role when they provide sexual health information and urge their users to get tested regularly for HIV. This may also be helpful for fighting stigma -- by declaring to be HIV-positive, a user is put in an empowered position of control of his own health and body. In addition, this encourages users to talk about the issue, allowing potential partners to make better informed choices about sexual practices.
Aware of the far reach of such apps within our community, policymakers around the world are engaging with them to raise sexual health awareness and fight discrimination. In Brazil, Congress is now debating Law Bill No. 9778/2018, which compels dating apps to promote online and offline initiatives with these purposes.
But when collecting users’ personal (and very sensitive) information, apps like Grindr must take on the responsibility of protecting user data by implementing transparent, informative, and restrictive privacy policies. Unfortunately, that is not the case for Grindr, Hornet, or Scruff. Instead of providing strong safeguards for the data they collect, their privacy policies seem to be specifically drafted to be generic and with strategic loopholes, giving them broad powers to use our data for various purposes, including sharing it with third parties. They also fail to commit to adopt technical measures to make our data secure, such as using encryption technology to protect it from hackers and other forms of unauthorized access.
Thus, as shocking as it can be, the revelations involving Grindr are not a scandal but apparently a standard practice in the industry. The public outcry was more than fair. By being negligent with its users’ privacy, Grindr might have outed or exposed people to moral and physical harm. Needless to say, gay bi, and transgender men are constantly exposed to violence and discrimination in every part of the world. This is true, above all, in countries with high levels of homophobia, where being singled out for being gay or having HIV may lead to social isolation or worse. Companies serving our community should be mindful of that when dealing with our data. Hopefully they will treat the incident as a wake-up call and give us more actual protections than just empty apologies. If not, we should be prepared to demand them.
DENNYS ANTONIALLI is a constitutional law professor at the University of São Paulo, Brazil, and the executive director of InternetLab, an independent law and technology research center.
THIAGO DIAS OLIVA is a Ph.D. candidate at the University of São Paulo, Brazil, and the head of the Freedom of Expression initiative at InternetLab.