Hundreds of users of the gay dating app Grindr have alleged the company shared their private information, including their HIV status, with third parties, a law firm said on Monday.
Austen Hays said it was filing the mass data protection lawsuit at London’s High Court and claimed thousands of Grindr users in the UK may have been affected.
The firm alleges users’ highly sensitive information, including HIV status and the date of their latest HIV test, was provided to third parties for commercial purposes.
It said around 670 people had signed up to the lawsuit over breaches said to have taken place between 2018 and 2020, with potentially thousands more joining the case.
Austen Hays’ managing director Chaya Hanoomanjee said in a statement: “Grindr owes it to the LGBTQ+ community it serves to compensate those whose data has been compromised and have suffered distress as a result, and to ensure all its users are safe while using the app, wherever they are, without fear that their data might be shared with third parties.”
A Grindr spokesperson said: “We are committed to protecting our users’ data and complying with all applicable data privacy regulations, including in the UK.
“Grindr has never shared user-reported health information for ‘commercial purposes’ and has never monetised such information.
“We intend to respond vigorously to this claim, which appears to be based on a mischaracterisation of practices from more than four years ago, prior to early 2020.”
This is not the first time Grindr’s data protection practices have come under scrutiny.
In 2021, it was fined £5.5m by Norwegian authorities over its handling of personal user data.
The country’s Data Protection Authority (DPA) found it had broken GDPR rules by sharing data including GPS location, user profile information and even the fact that users are on Grindr, which could reveal their sexual orientation and therefore merit special protection.
Grindr was also reprimanded in 2022 by the UK’s Information Commissioners’ Office (ICO) for failing to “provide effective and transparent privacy information to its UK data subjects in relation to the processing of their personal data”.
