The Vienna-based data privacy organization None of Your Business (noyb) filed complaints on Wednesday with the Austrian Data Protection Authority against Grindr, the gay dating app, the social-media platform TikTok, and their data partner AppsFlyer. It accuses the three companies of violating the European Union’s General Data Protection Regulation (GDPR) by tracking user activities across apps without obtaining consent.
The Chinese company TikTok, the accusation goes, tracks how users utilize other apps. A mobile user learned about this improper practice after submitting a data request: after persistent inquiries, TikTok reportedly admitted that the platform knows which apps the user uses and what they do in those apps. Information about Grindr usage was also forwarded, Nayb says, likely by the Israeli tracking firm AppsFlyer.
This could enable TikTok to draw inferences about a user’s sexual orientation and sex life, according to noy b. Yet under the GDPR, which took effect in 2018, such data are highly protected and may only be processed in narrowly defined exceptions.
– w –
“Chinese app gains a comprehensive view of users’ online activity”
“How many US platforms TikTok is increasingly collecting data from across other apps and sources,” explained noy b privacy attorney Kleanthi Sardeli. “This gives the Chinese app a more complete picture of its users’ online activities. That in this specific case a user’s sexual orientation and sex life were revealed is only one of the more extreme examples.”
Previously it was already known that TikTok uses a broad range of data available within the app for personalized advertising. However, users had not known that the platform could access intimate data from an app like Grindr. TikTok has only stated that the data are stored for personalized advertising, analytics, and security purposes.
According to noy b, users should generally be informed about who receives their personal data and should have a right to a copy of those data. TikTok, the group argues, has structurally violated this right.
TikTok has long been under scrutiny: Ireland recently slapped the platform with a fine of about €530 million for illegal data transfers to China. Grindr, the American dating app, has also faced privacy-class criticisms: last year a court in Oslo imposed a penalty of nearly €6 million for failing to meet GDPR consent requirements for the forwarding of personal data between 2018 and 2020. Those rules also apply to Norway, a non-EU member (TheColu.mn reported).