A Vienna-based privacy advocacy group, None of Your Business (noyb), has filed formal complaints with Austria's data protection authority against TikTok, the LGBTQ+ dating app Grindr, and mobile marketing analytics firm AppsFlyer.1 The complaints allege that the companies violated the European Union's General Data Protection Regulation (GDPR) by tracking user activities across apps, including Grindr, without proper consent, risking the exposure of sensitive data.
Noyb claims that TikTok tracked the activity of a specific user on Grindr (and LinkedIn) using a third-party tracker facilitated by AppsFlyer.
The complaint emphasizes that TikTok and Grindr illegally shared sensitive user information. GDPR provides special protection for sensitive data, such as sexual orientation, due to the risk of discrimination.
According to noyb, the user only discovered that TikTok had accessed sensitive details, including their "use of Grindr," through a data-access request and after repeated inquiries, suggesting a failure to comply with GDPR's transparency requirements.
TikTok reportedly told the user the data was used for purposes including "personalised advertising, analytics, security."
Noyb argues that neither AppsFlyer nor Grindr had any legal grounds to share the user's data with TikTok.
This is not the first privacy issue for these companies. Ireland fined TikTok 530 million euros in May over concerns about data transfers to China. Grindr faces a mass lawsuit in London over allegations that users' HIV status was shared with third parties without consent between 2018 and 2020.
Noyb urged Austrian regulators to impose fines and compel the three companies to stop the alleged unauthorized data tracking and sharing practices.
Officials from TikTok, Grindr, and AppsFlyer were not immediately available for comment.
Comment
