Published by Global Banking and Finance Review
Posted on December 17, 2025
2 min readLast updated: January 20, 2026
noyb alleges TikTok, Grindr, and AppsFlyer breached EU privacy laws by tracking user activities without consent, risking exposure of sensitive data.
By Leo Marchandon
Dec 17 (Reuters) - A privacy advocacy group, noyb, filed complaints to Austria's data protection authority on Wednesday against TikTok, Grindr and AppsFlyer, alleging these companies breached regional privacy laws, risking exposure of sensitive data.
Vienna-based organization None of Your Business, or noyb, alleged the companies violated European Union privacy laws by tracking user activities across apps without consent.
noyb said TikTok tracked a particular user's Grindr activity via data firm AppsFlyer, raising concerns about breaches of the EU's General Data Protection Regulation (GDPR).
It urged Austrian regulators to impose fines and compel the companies to cease such practices.
Officials from TikTok, Grindr and AppsFlyer were not immediately available for comment.
SENSITIVE DATA WAS SHARED, TRANSFERRED, CLAIMS NOYB
TikTok, owned by China's ByteDance, and Grindr, a widely used LGBTQ+ dating app, shared sensitive user information illegally, while AppsFlyer, known for mobile marketing analytics, facilitated unauthorized data transfers, noyb claims.
noyb told Reuters the user discovered, via a data-access request, that TikTok had accessed sensitive details from other apps, including the person's "use of Grindr, LinkedIn" and a product they had added to a shopping cart.
TikTok only disclosed this information to the user after repeated enquiries, failing to comply with GDPR's transparency requirements.
TIKTOK USED THE DATA FOR ADS, ANALYTICS
TikTok said the data was used for reasons including "personalised advertising, analytics, security," according to noyb.
GDPR provides special protection for sensitive information such as sexual orientation which could spur discrimination, noyb said.
Noyb said neither AppsFlyer nor Grindr had legal grounds to share the user's data with TikTok.
Ireland fined TikTok 530 million euros in May over concerns about data transfers to China, while Grindr faces a mass lawsuit in London by users whose HIV status was allegedly shared with third parties without consent between 2018 and 2020.
(Reporting by Leo Marchandon in Gdansk; Editing by Bernadette Baum)
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the EU that governs how personal data is collected, processed, and stored, ensuring individuals' privacy rights.
Data protection refers to the practices and processes that safeguard personal information from unauthorized access, use, disclosure, or destruction, ensuring compliance with applicable laws.
User consent is the agreement given by individuals allowing organizations to collect, process, or share their personal data, typically requiring clear and informed choices.
A privacy advocacy group is an organization that promotes the protection of individuals' personal information and privacy rights, often through legal action and public awareness campaigns.
Explore more articles in the Headlines category
