A Façade of Anonymity: Grindr’s Breach of User Privacy
The article extrapolated upon a lack of stringent privacy and verification policies in various dating apps. It further illustrates privacy concerns in apps targeted towards LGBTQIA+ community. Lastly, it analyses how India lacks a comprehensive data protection law, and loopholes in the current regime governing such platforms.
The recent outing of a priest through a data leak of the app Grindr has highlighted the safety concerns surrounding such dating apps. The location enabled algorithms that apps such as Tinder, Romeo, Grindr, etc. utilize have been previously criticised for their flimsy security systems and susceptibility to being hacked. The study also showcased the transnational nature of hacking that is possible in such apps and how they can be utilised to trace the locations and social modalities of a user with just a few alterations. Illustrative research has also shown how such tracking is possible even after a user switches off the location feature. Such issues have been pitched against Grindr, but no concrete action has ever been taken in this regard. The anonymity that many of these apps tout is just a ruse for marketing.
Data privacy concerns have always plagued dating platforms. This is a harmful and serious concern for the LGBTQIA+ community that faces real life ramifications upon breach of privacy and leak of personal information. The case in point can be illustrated via the famous dating app Grindr. Grindr was launched in 2009, with gay, bisexual, transgender, and queer people as its primary target-base. The app boasts of anonymity and confidentiality for creating a safe-space for people of the community to interact with each other. Though it has been seen in surveys that LGBTQIA+ people, especially teens, feel safer online and are more open about their identity therein, yet concerns about data privacy are enormous. Firstly, the issue of an under-age userbase has been raised against Grindr owing to its faulty and flimsy regulations around the same. Young teenagers find it relatively easy to circumvent an insubstantial age verification process.
Furthermore, a lack of a stringent sign-up verification process allows for easy access to sensitive data, such as location, pictures, preferences, and even HIV status. Anyone could sign up and create an account to access this user information belonging to a particular area. Grindr’s terms and conditions do assume rights to monitor user profiles but situate all responsibility for user-generated content on users themselves. The 2018 US case of Herrick v. Grindr portrays how there is rampant misuse of individual’s data on the application coupled with a pandemic of fake profiles. Herein, an ex-boyfriend had created a fake profile using their former partner’s pictures and information, where they had encouraged individuals to sexually assault their former partner. It holds evidence of the platform’s negligent safety features/measures, data verification mechanism, and advent breach of personal data.
The rampant misuse of user data and a ubiquitous presence of underaged users may have numerous consequences. Firstly, it puts underage users at risk of being contacted by sexual predators and sexual assault. Secondly, they stand a risk of being outed by potential bullies. Such potential outing of LGBTQIA+ teenagers can have such drastic impacts as social out castings, familial breakdown, and even conversation therapy. Thirdly, there is incessant exchange of illicit pictures amongst the users which is largely unregulated by Grindr. This, more often than not, may lead to revenge pornography.
What puts user’s data at risk is not only the primary anonymity policy of the app but also the various accusations of third party/actor interventions it has faced in the past. The application contains a bevy of location data, messages, and even sensitive health related data including HIV status of its users. This sensitive data, if put in the wrong hands, could be dangerous. It may lead to direct targeting and identification of the LGBTQI+ users of the platform; some of which wish to remain anonymous or might have not come out yet. In January 2021, Norway’s Data Protection Authority had imposed a fine worth 11.7 million USD for selling user data to third party actors. It had also warned of dangers of the app in countries where homosexuality is still illegal or is socially unacceptable. While users in European countries still possess more stringent protections against misutilisation of their data owing to the GDPR regime, users living in a country like India, which currently lacks a comprehensive data protection law, have very limited recourse.
The Intermediary Guidelines, 2021 under Rule 4(1) recognises a significant social media intermediary as being one that has “more than 5 million registered users.” Although there are no specifics stats available, the app has previously claimed having almost 4.5 million users in countries like India. This would however, put it under the ambit of the Intermediary Guidelines. Thereby, not requiring it to comply with numerous safeguards and due diligence requirements provided for under the guidelines.
Grindr’s lack of stringent verification process and laxity in taking a step towards the same can be attributed towards the profits it might be earning due to the current system in place. 75 percent of the revenue that the company earns comes from the subscription services and 25 percent from advertisers. The dependence on a large user base for revenue might explain the company’s inaction in filtering possible illegal users and against major data leaks. Its insubstantial data protection safeguards are consequential for the LGBTQIA+ community. Privacy on online platforms is important for these individuals, for safekeeping their health/ medical information, for ensuring a safe working environment which might get ostracised in case of unconsented release of their gender or sexuality.
Rishav is a final year law student at Rajiv Gandhi National University of Law, Punjab. His interest areas are Human Rights, Gender Laws, Intersectional Studies, and Feminist Jurisprudence.
Contact number: 7895191377
[i] Julie Kvedar, "Back to the Grind: Rethinking Grindr's Accountability for User Content," Southern California Interdisciplinary Law Journal 29, no. 3 (Spring 2020): 541-570
[ii] Julie Kvedar, "Back to the Grind: Rethinking Grindr's Accountability for User Content," Southern California Interdisciplinary Law Journal 29, no. 3 (Spring 2020): 541-570
[iii] 306 F. Supp. 3d 579 (S.D.N.Y. 2018)