Grindr faces privacy probe as Chinese owners jump

Grindr, the world’s most popular gay dating app which has been accused of numerous privacy violations, has been flogged off by its Chinese owners, 12 months after US regulators forced the disposal following national security concerns.

Gaming firm Beijing Kunlun Tech announced late last week in a stock exchange filing it had agreed to sell Grindr to San Vicente Acquisition for about $608.5m (£465m).

A recent report by the Norwegian Consumer Council (NCC) found Grindr to be one of the worst offenders in handing out sensitive user information willy-nilly to ad companies, in an “insane violation” of GDPR.

The report, which also covered OkCupid and Tinder, claimed Grindr had a “triple whammy” of issues. Not only does it fail to provide details about how it shares data with non-service provider third parties, it does not show how user data is used for targeted ads or provide in-app options to reduce data sharing with third parties.

However, it is the threat of the Chinese using sensitive data harvested by its tech companies against US citizens, which has triggered the sale. US regulators are still investigating TikTok, the Chinese short-video app, on similar grounds.

After acquiring the platform in a series of purchases starting in 2016, Kunlun announced a plan to list the division on the stock market in 2018.

But that was scuppered by the US government’s investment watchdog, the Committee on Foreign Investment in the United States (Cfius) , which instead demanded that Kunlun sold Grindr. Kunlun said it signed a “National Security Agreement” with Cfius to dispose of the unit by the end of June 2020.

Cfius had feared that the Chinese government could use personal data given to the app by its 3.3 million users to blackmail US citizens, for example over sexual preferences, while it was feared that Grindr’s users may include top US officials and military personnel.

In response, Kunlun had promised it would not transfer any sensitive data from Grindr to China, and that it would stop its operations there, keeping its headquarters in the US.

Grindr’s new owner could soon find itself hauled up by data protection regulators. The Norwegian group filed complaints asking for domestic regulators to undertake investigations into the app and five ad tech companies for violations of GDPR.

Its report stated: “The adtech industry is operating with out-of-control data sharing and processing, despite that it should limit most, if not all, of the practices identified throughout this report.

“It is time for a serious debate about whether the surveillance-driven advertising systems that have taken over the Internet, and which are economic drivers of misinformation online, is a fair trade-off for the possibility of showing slightly more relevant ads.”