According to initial research by Antoine Pultier, a researcher at SINTEF, and verified by Buzzfeed News, Grindr shared HIV status along with users’ GPS data, sexuality, relationship status, ethnicity, phone ID and email to Apptimize and Localytics, which help optimize apps. This information, unlike the HIV data, was sometimes shared via plain text.
Buzzfeed News reported that under the app’s “HIV status” category, users can choose from a variety of statuses, which include whether the user is positive, positive and on HIV treatment, negative, or negative and on PrEP, the once-daily pill shown to effectively prevent contracting HIV.
In a statement, Grindr CTO Scott Chen said that as a company that serves the LGBTQ community “we understand the sensitivities around HIV status disclosure” and clarified that Grindr “has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.”
Chen clarified that it does work with highly-regarded vendors to test and optimize how it rolls out the platform, and these vendors are under strict contractual terms that provide for the highest level of confidentiality, data security and user privacy.
He also clarified that when information is sent, “it is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.”
Chen added that it is up to each user to determine what, if anything, to share about themselves in their profile and the inclusion of HIV status information within the platform is always regarded carefully with users’ privacy in mind.
“We assure everyone that we are always examining our processes around privacy, security and data sharing with third parties, and always looking for additional measures that go above and beyond industry best practices to help maintain our users’ right to privacy.”
In a later update, Grindr said it would stop sharing users’ HIV status when the app’s next update is released. Chief security officer Bryce Case defended Grindr’s decision to share the data, arguing that Apptimize and Localytics are simply tools to help apps like Grindr function better, and that the information was not shared to make money or for other nefarious purposes.
Evgeny Chereshnev, CEO and founder of Biolink.Tech, said that this type of highly personal information can be used for blackmail, extortion or manipulation, where a lot of damage could be done to a person’s life, and only we should have visibility as to where and how our personal data is used, and on what basis.
“All practices where a company has access to confidential information such as HIV status, sexual orientation or even information on deadly allergies, should be illegal to share with other parties,” he said.
“We need to totally rethink the way we approach data – our digital trail and dDNA (digital DNA). Privacy of personal data MUST become a constitutional right that everyone has from birth. Data is there forever, and it should be illegal to take it from users. It goes back to the age old question – what is self? Who owns it and what needs to be co-owned by third parties for self to coexist in the society that we live in? For example, a healthcare system needs access to my vital health records in order to administer the right treatment, but they don’t need to own that data. We should own our own self.”