Grindr faces UK lawsuit for selling HIV data to advertisers

Grindr is accused of a major data protection breach involving the sale of thousands of users’ highly sensitive medical records

More than 670 Grindr users – a dating and social networking app for lesbian, gay, bisexual, transgender and queer people – have filed a lawsuit accusing the company of sharing their HIV data. Thousand more could have been affected.

The claim launched by Austen Hays accused Grindr of breaching UK data protection laws for selling sensitive data about users’ HIV status and latest tested date to advertisers without consent.

Information about users’ ethnicity and data relating to their sex life and sexual orientation may have also been shared, says Austen Hays.

Chaya Hanoomanjee, managing director and the lawyer leading the claim for Austen Hays, said:

‘Our clients have experienced significant distress over their highly sensitive and private information being shared without their consent, and many have suffered feelings of fear, embarrassment and anxiety as a result.’

Martyn James, a consumer rights expert who has also campaigned for LGBT rights for over 35 years, told Consumer Voice:

‘The Grindr class action is that rarest thing. It’s not about money. It’s about a betrayal of trust. One that has a huge impact on my friends and community. We trusted an app that purported to be a place where we could be safe.

‘And instead they took our most personal details and treated them with a casual attitude that caused very real distress. We are not data. We are humans.’

Who has been affected by this potential data breach?

Austen Hays is seeking compensation for people who have had their data breached. ‘Grindr owes it to the LGBTQ+ community to compensate those whose data has been compromised and have suffered distress as a result’, said Hanoomanjee.

These data breaches occurred mainly before 3 April 2018, and between 25 May 2018 and 7 April 2020, although they may extend to further periods.

Grindr users who think they may be affected by this breach are being encouraged to join the claim. Sign up to Consumer Voice if you want to stay updated about this claim.

If the claim is won, people affected could be owed thousands in compensation due to the severity of the breach.

Grindr fine £5 million by Norwegian data watchdog

Grindr was fined £5 million (€5.8 million) by the Norwegian Data Protection Authority for breaching the General Data Protection Regulation (GDPR). Grindr failed its attempt to appeal the fine in September 2023.

In the UK, Grindr was reprimanded by the Information Commissioner’s Office in 2022 for infringing the UK GDPR.

UK High court claim against Grindr

Austen Hays filed the claim on Monday in London’s High Court alleging that the US app owner unlawfully processed and shared users’ data with third parties, including advertising companies Localytics and Apptimize.

The law firm said Grindr received payment or other commercial benefits from the companies it shared users’ personal data with.

The impact of which would allow ‘a potentially unlimited number of third parties to target and customise advertisements to its users,’ says the firm. Austen Hays says that these third parties either served the ads themselves or passed on data to others.

Companies who had access to the data are also accused of retaining the information for further use after the advert has been served.