this post was submitted on 22 Apr 2024
337 points (98.0% liked)

Technology

59569 readers
4136 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Hundreds have joined a UK class action lawsuit against LGBTQ+ dating app Grindr, seeking damages over a historical case of the company allegedly forwarding users' HIV status as well as other sensitive data to third-party advertisers.

This data included a user's HIV status and their last test date, their sexual preferences, and their GPS location – all of which were added to public profiles by users and later gathered up by Grindr's trackers.

The Norwegian Data Protection Authority (NO DPA) fined Grindr 65 million Norwegian kroner in 2020 ($5.9 million at today's exchange rate) for violating GDPR's consent rules. NO DPA's case didn't mention any violations regarding the sharing of HIV data or information about a user's sexual preferences. However, it ruled that third parties had received a user's GPS location, IP address, advertising ID, age, gender, and the fact that they used the app, and concluded that Grindr had disclosed user data to third parties "for behavioural advertisement without a legal basis."

The Electronic Privacy Information Center (EPIC) said in October last year it was pushing for the FTC to probe the app maker after finding that it was retaining user data even after accounts were deleted – a practice Grindr's privacy policy explicitly says it wouldn't do.

all 33 comments
sorted by: hot top controversial new old
[–] Fiivemacs@lemmy.ca 106 points 7 months ago (3 children)

Always assume all companies will sell your data regardless of what they say and or claim...why is this hard for people to understand? None of these companies have your interests in mind, they don't care. It's all profit.

[–] foggy@lemmy.world 29 points 7 months ago (3 children)

Love when apps need a govt id to verify id.

Looking at you, Facebook.

[–] sugar_in_your_tea@sh.itjust.works 22 points 7 months ago (2 children)

Yeah, not touching that with a 10ft poll.

The only groups that need my govt details are those who interact with the government, and I don't want my social media apps to do any of that.

[–] seSvxR3ull7LHaEZFIjM@feddit.de 9 points 7 months ago* (last edited 7 months ago) (2 children)

I discovered what works with Youtube (for age verification) is sending a picture of an ID with everything redacted but the date of birth, so that the date was the one and only thing visible. That worked! Although it could've really been anyone's ID, lol.

I'd just send my middle finger with an old-enough birthdate (not mine) written on it.

[–] hemko@lemmy.dbzer0.com 1 points 7 months ago (1 children)

Wait YouTube requires id verification to view "mature" content?

[–] 4am@lemm.ee 5 points 7 months ago

Not normally but if your account gets reported for being a minor or something they might. Possibly also for receiving money from ad income if you post content as well?

[–] foggy@lemmy.world 3 points 7 months ago (1 children)

I told Facebook I wouldn't even consider taking the picture of my ID, let alone sending it, let alone to them.

I just deleted my account and installed "Facebook Container" in Firefox. Seems to have solved my problem pretty well.

[–] systemglitch@lemmy.world 0 points 7 months ago (1 children)

What does Facebook need id for exactly?

[–] Fiivemacs@lemmy.ca 1 points 7 months ago (1 children)
[–] systemglitch@lemmy.world 0 points 7 months ago
[–] EncryptKeeper@lemmy.world 0 points 7 months ago

When did that happen?

[–] lemmylommy@lemmy.world 18 points 7 months ago

That doesn’t mean we should accept it.

[–] mark@programming.dev 5 points 7 months ago* (last edited 7 months ago) (1 children)

I get the sense that most people on this platform get it. It's the people that would never even be on Lemmy to see this advice that I worry about. Those are the ones that need to keep seeing these posts and comments like yours.

[–] cybersin@lemm.ee 2 points 7 months ago

Exactly. It's absurd that we allow companies to get away with shit like this.

[–] Ultragigagigantic@lemmy.world 13 points 7 months ago

There are other hookup websites yall. Adam4adam has always been more responsive then grindr for me. Could be different in your area I guess.

[–] lautan@lemmy.ca 9 points 7 months ago (2 children)

What data isn't up for sale?

[–] smileyhead@discuss.tchncs.de 8 points 7 months ago

Data that someone don't have.

[–] Mango@lemmy.world 3 points 7 months ago

I know something I'm not selling.

[–] autotldr@lemmings.world 4 points 7 months ago

This is the best summary I could come up with:


Hundreds have joined a UK class action lawsuit against LGBTQ+ dating app Grindr, seeking damages over a historical case of the company allegedly forwarding users' HIV status as well as other sensitive data to third-party advertisers.

A total of 670 individuals have joined the class action, filed today in England's High Court, and lawyers Austen Hays believe the number could rise into the thousands.

The discovery that the data may have been shared with analytics firms led to heavy criticism of the app maker, which at the time didn't apologize for its alleged role in the furor, but did alter its privacy policy soon after.

Its then-CTO Scott Chen said Grindr would never sell the kind of sensitive data researchers specified to third parties, and reminded users that any information they themselves added to their profile would become public.

In addition to the claim brought to Grindr in the UK, the company is also facing flak in the US, as recently as October 2023, again for alleged data protection failings.

Chaya Hanoomanjee, managing director at Austen Hays and the lawyer leading the UK claim, said: "Our clients have experienced significant distress over their highly sensitive and private information being shared without their consent, and many have suffered feelings of fear, embarrassment, and anxiety as a result.


The original article contains 848 words, the summary contains 216 words. Saved 75%. I'm a bot and I'm open source!

[–] JayObey711@lemmy.world 4 points 7 months ago

What are you even advertising to those people? Is there something that people with HIV are really into collectively? I mean despite medication, but that is free in the UK, right?

[–] gravitas_deficiency@sh.itjust.works -5 points 7 months ago* (last edited 7 months ago) (6 children)

Ooh boy. In the states, that’d be a Big Fucking HIPAA Violation and they’d be pretty seriously boned. As in: they might be fined out of existence.

I assume the UK has some similar mechanisms. I will say that it’s more than a bit shocking that literally ANYONE at ANY LEVEL at Grindr thought this would be in any way, shape, or form morally or legally justifiable.

Edit: yeah, they’re not a covered entity so not applicable. Still unbelievably shitty.

[–] cm0002@lemmy.world 25 points 7 months ago

Actually no, Grindr is not a HIPAA covered entity (Such as a healthcare provider or clinic) or a "business associate" of a covered entity (Such as a Third-party to process and/or transmit medical data on behalf of a covered entity)

Now if Grindr had Grindr owned STD clinics that people got tested at and somehow that info got onto the app that would be a HIPAA violation.

An app asking you and you providing STD status freely, or any medical status for that matter, isn't. (Unless it's an app that bills itself as a medical something)

[–] Dudewitbow@lemmy.zip 19 points 7 months ago

HIPAA only applies of its your doctor or a medical institution does it. it doesnt stop people you may know/businesses unrelated to the field from disclosing said info.

[–] Ebby@lemmy.ssba.com 10 points 7 months ago

In the states, that’d be a Big Fucking HIPAA Violation

Is it though? If memory serves, users willfully providing medical info isn't a breach, unlike if they accessed that info directly from the doctor.

[–] xor@lemmy.blahaj.zone 9 points 7 months ago

As people have said, it's actually perfectly legal in the US, horrifyingly.

But the UK has very strict data protection laws which we inherited from when we were in the EU, and medical data is explicitly considered sensitive. If they actually did sell medical information, they're in deep shit, legally.

[–] Neato@ttrpg.network 8 points 7 months ago

Unfortunately it's not a HIPAA violation. That only covers medical providers. No one else is beholden to HIPAA.

[–] Mango@lemmy.world 7 points 7 months ago

Have you ever once heard of a company being fined out of existence?