TikTok monitored Grindr activity through third-party tracker, privacy group alleges

By Leo ‌Marchandon

Dec 17 (Reuters) - A privacy advocacy group, noyb, filed complaints to Austria's ‍data protection ‌authority on Wednesday against TikTok, Grindr and AppsFlyer, alleging these companies breached ⁠regional privacy laws, risking exposure of ‌sensitive data.

Vienna-based organization None of Your Business, or noyb, alleged the companies violated European Union privacy laws by tracking user activities across apps without consent.

noyb said TikTok tracked a ⁠particular user's Grindr activity via data firm AppsFlyer, raising concerns about breaches of the EU's General ​Data Protection Regulation (GDPR). 

It urged Austrian regulators to impose fines ‌and compel the companies to cease ⁠such practices.

Officials from TikTok, Grindr and AppsFlyer were not immediately available for comment.

SENSITIVE DATA WAS SHARED, TRANSFERRED, CLAIMS NOYB

TikTok, owned by China's ByteDance, and ​Grindr, a widely used LGBTQ+ dating app, shared sensitive user information illegally, while AppsFlyer, known for mobile marketing analytics, facilitated unauthorized data transfers, noyb claims.

noyb told Reuters the user discovered, via a data-access request, that TikTok had accessed ​sensitive ‍details from other apps, including ​the person's "use of Grindr, LinkedIn" and a product they had added to a shopping cart.

TikTok only disclosed this information to the user after repeated enquiries, failing to comply with GDPR's transparency requirements.

TIKTOK USED THE DATA FOR ADS, ANALYTICS

TikTok said the data was used for reasons including "personalised advertising, analytics, security," according to noyb.

GDPR ⁠provides special protection for sensitive information such as sexual orientation which could spur discrimination, noyb said.

Noyb said neither AppsFlyer ​nor Grindr had legal grounds to share the user's data with TikTok.

Ireland fined TikTok 530 million euros in May over concerns about data transfers to China, while Grindr faces a mass lawsuit in London ‌by users whose HIV status was allegedly shared with third parties without consent between 2018 and 2020.

(Reporting by Leo Marchandon in Gdansk; Editing by Bernadette Baum)