Grindr's Recent Release of Members' HIV Status to Third Party Companies Was No Mistake, It Was Right There in Their Privacy Policy

Grindr has found itself in a bit of a sticky situation. The dating app, which is used predominantly by gay, bisexual, and transgender men, currently has over 3.6 million daily users. It recently came under fire when it was discovered that the app had allowed third parties to access encrypted data. As a result, Grindr announced that it will stop sharing this data, which includes the HIV status of its users, effective immediately.

Among other kinds of sensitive data, Grindr admitted that it had shared its users HIV status and date of last testing with two companies, Apptimize and Localytics. Those companies were paid to monitor and analyze the data that Grindr provided.

Because Grindr users are required to use email addresses and GPS locations for their accounts, that identifying information could be used to specify which users self-identify as HIV positive.

According to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the data breach, the sharing of HIV status is troubling.

“The HIV status is linked to all the other information. That’s the main issue. I think this is the incompetence of some developers that just send everything, including HIV status.” Other experts, including Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation,  agree with Pultier’s assessment.

“It allows anybody who is running the network or who can monitor the network — such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government — to see what your location is. When you combine this with an app like Grindr that is primarily aimed at people who may be at risk — especially depending on the country they live in or depending on how homophobic the local populace is — this is an especially bad practice that can put their user safety at risk,” Quintin said to BuzzFeed News.

Prior to announcing that it would no longer disseminate information relating to HIV status, Grindr defended itself in a point-by-point rebuttal on Tumblr.

"It's important to remember that Grindr is a public forum. We give users the option to post information about themselves including HIV status and last test date, and we make it clear in our privacy policy that if you choose to include this information in your profile, the information will also become public,” Grindr representatives wrote.

Some Grindr users argue that given this recent systemic disclosure, the app should be required to follow HIPAA, when it comes to HIV status.

Just because some Grindr members feel comfortable disclosing their HIV status on their profile, does not mean that they feel safe having that information shared and distributed to a wider audience. One man spoke with CBC news about the stigma surrounding HIV status disclosure. “Public perception of HIV is still somewhere between 1986 and 1992,” said Kiki, a Toronto-based artist

Other men, have spoken about the personal safety risks of having status disclosed without permission.

“But just because users are comfortable sharing personal information in their profile or chats doesn’t mean they want it being shared more broadly. Some people’s jobs may be in jeopardy if the wrong people find out about their status — or maybe they have difficult family situations. It can put people in danger, and it feels like an invasion of privacy,” said Chris Taylor of Seattle, a Grindr user who no longer openly displays his HIV status on his profile.

Just hours after defending its actions on Tumblr, Grindr reversed its policy, stating that HIV status would no longer be shared with third parties.

Grindr’s actions highlight a still prevalent issue within the LGBTQ community—the stgmatization of HIV. A great deal of stigma and misinformation continues to be perpetuated about individuals living with HIV. When those individuals are outed through the sharing of their personal health information, their personal safety can be at risk.

“Grindr is a relatively unique place for openness about HIV status. To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community, “ said James Krellenstein, a member of AIDS advocacy group ACT UP New York.

Traditionally, many LGBTQ people found safe spaces through gay-oriented bars and other organizations, especially before LGBTQ rights achieved more mainstream acceptance. In recent years, online communities have begun to fill that role. Despite growing acceptance, it is still illegal in 72 countries to be homosexual, meaning that sexual orientation is considered a punishable, criminal offense. As a result, having a safe and presumably protected community online is paramount to protecting the lives of many LGBTQ individuals around the world.

Many users look to Grindr and other virtual communities to achieve the privacy and protection denied them in the real world. If that virtual community is threatened, it will further promote a culture of violence, bigotry and danger for marginalized LGBTQ people.  Ultimately, Grindr’s actions could have created a culture of danger that far exceeds the leaking of personal information.

Hopefully, Grindr’s decision to now protect its users’ HIV status will set a precedent for other dating and hookup apps. For many gay men, disclosure of HIV status can be a matter of life and death.