LONDON (AP) — Dating apps including Grindr, OkCupid and Tinder leak personal information to advertising tech companies in possible violation of European data privacy laws, a Norwegian consumer group said in a report Tuesday.
The Norwegian Consumer Council said it found “serious privacy infringements” in its analysis of how shadowy online ad companies track and profile smartphone users.
The council, a government-funded nonprofit group, commissioned cybersecurity company Mnemonic to study 10 Android mobile apps. It found that the apps sent user data to at least 135 different third party services involved in advertising or behavioral profiling.
“The situation is completely out of control,” , urging European regulators to enforce the continent’s strict General Data Privacy Regulation, or GDPR. It said the majority of the apps did not present users with legally-compliant consent mechanisms.
The council took action against some of the companies it examined, filing formal complaints with Norway’s data protection authority against Grindr, Twitter-owned mobile app advertising platform MoPub and four ad tech companies. Grindr sent data including users’ GPS location, age and gender to the other companies, the council said.
Twitter said it disabled Grindr’s MoPub account and is investigating the issue “to understand the sufficiency of Grindr’s consent mechanism.”
Grindr did not immediately respond to a request for comment.
Period tracker app MyDays and virtual makeup app Perfect 365 were also among the apps sharing personal data with ad services, the report said.