PRESS RELEASE: EPIC Urges FTC to Investigate Grindr’s Personal Data Practices
October 4, 2023
In a complaint filed Wednesday, the Electronic Privacy Information Center (EPIC) called on the Federal Trade Commission (FTC) to investigate the popular LGBTQ+ dating app Grindr for its potentially unlawful retention and disclosure of users’ sensitive personal data.
EPIC’s complaint highlights Grindr, LLC’s checkered history of protecting the privacy and safety of its users and troubling allegations made by Grindr’s former Chief Privacy Officer Ronald De Jesus in his recent wrongful termination lawsuit against Grindr.
Grindr appears to have retained and disclosed sensitive user data—including users’ account information, messages, and photos sent via the platform—after users deleted their Grindr accounts. Grindr also apparently failed to implement adequate data security practices and to control employee access to user data. And Grindr appears to have retained and disclosed sensitive health information—including users’ HIV status, last tested date, and vaccination status—in violation of commitments made in Grindr’s privacy policies. As EPIC writes:
EPIC’s complaint calls on the FTC to investigate Grindr for unfair and deceptive practices in violation of Section 5 of the FTC Act and for violations of the Health Breach Notification Rule. EPIC further urges the FTC to enjoin any unlawful data practices confirmed in its investigation and to impose penalties against Grindr for any violations of the Health Breach Notification Rule.
“There’s good reason to believe that Grindr has betrayed the trust and violated the privacy of its users,” EPIC Director of Litigation John Davisson said. “It’s critical that the Federal Trade Commission step in and conduct a thorough investigation of Grindr’s personal data practices. Grindr users deserve peace of mind that their sensitive personal data will be protected from mishandling and misuse.”
EPIC has played a leading role in developing the authority of regulators to safeguard the rights of consumers, ensure the protection of personal data, and address privacy violations. EPIC previously called attention to Grindr’s failure to protect users from harassment and abuse by filing an amicus brief in Herrick v. Grindr.
EPIC is a public interest research center in Washington, D.C., established in 1994 to focus public attention on emerging privacy and civil liberties issues and to secure the fundamental right to privacy in the digital age for all people through advocacy, research, and litigation. EPIC pursues a wide range of program activities including policy research, public education, conferences, litigation, publications, and advocacy. EPIC routinely files amicus briefs in federal courts, pursues open government cases, defends consumer privacy, organizes conferences for NGOs, and speaks before Congress and judicial organizations about emerging privacy and civil liberties issues. EPIC works closely with a distinguished advisory board, with expertise in law, technology and public policy.
PDF version of this press release available here.