In the wake of the Facebook and Cambridge Analytica scandal, another social media company, Grindr, a gay dating app, has come under scrutiny for its sharing of sensitive personal information with third parties.  In particular, Norwegian research outfit SINTEF, after analyzing Grindr’s traffic, alleges that Grindr shares its users’ disclosed HIV status and last tested date , GPS location and other demographic profile information with third parties.

Grindr does warn its users in its Privacy Policy of its ability to share demographic information with advertising and analytics partners and even warns users specifically about sharing HIV status and last tested date information.  With regard to HIV status, the Privacy Policy specifically states:

You may also have the option to provide information concerning health characteristics, such as your HIV status or Last Tested Date.  Remember that if you include information in your profile, and make your profile public, that information will also become public.  As a result, you should carefully consider what information to include in your profile.

Despite the privacy policy language, Grindr’s head of security responded to the allegations yesterday by stating that it would cease sending users’ HIV status to third party companies.

This latest story about the intersection of privacy and social media highlights a few things app developers must keep in mind.  First, if you are collecting sensitive information and plan to disclose that information to third parties, consider whether the app design should build in an extra notification to the user.  Users are inundated with privacy policies and more likely than not, do not read them.  The importance of transparency becomes incredibly clear in this example, as Grindr is experiencing a public relations nightmare despite having language that at least vaguely covered its practices.  Second, app developers must be aware that information collection, even with the best intentions such as promoting safe sex, can come back and bite you.  Finally, once GDPR takes effect on May 25, 2018, the collection of personal information of those in the European Union, especially sensitive information such as sexual orientation and health information, will be subject to the most comprehensive and complex privacy rules.  We expect that GDPR will impact website and app development across the globe.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Daniel J. Kagan Daniel J. Kagan

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and…

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and reimbursement issues.

With regard to Privacy and Cybersecurity, Dan has experience drafting privacy policies and notices, website terms of use, written information security plans and incident response plans.  Dan counsels clients on compliance issues related to state, federal and international privacy laws including the General Data Protection Regulation (GDPR).  Dan also has experience representing both health care and non-health care clients that have suffered data breaches and assists such clients with breach response and applicable reporting obligations.  Dan writes extensively on privacy and cybersecurity issues and is a co-editor of Murtha’s Privacy and Cybersecurity Perspectives blog.

As a member of the Health Care and Long Term Care groups, Dan has experience representing clients with HIPAA compliance, Stark and anti-kickback analyses, purchase and sale transactions, reviewing and drafting contracts, certificate of need requirements, rate appeals, Medicare and Medicaid audits, medical staff and credentialing matters, licensing and change of ownership proceedings.

Prior to joining Murtha Cullina, Dan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court.

Dan received his J.D. with honors from the University of Connecticut School of Law where he was a Notes and Comments Editor for the Connecticut Insurance Law Journal. He earned his Bachelor of Arts in Economics from McGill University.