Two U.S. Senators sent a letter Tuesday to Grindr asking the popular gay dating app how it obtains, handles, and protects sensitive user data, including HIV status, after it was reported that the company had shared users’ HIV status with third parties.
Grindr, which has more than 3 million daily users, allows users to choose from several options under “HIV Status,” including listing positive, negative, or receiving treatment, in their profile. The app also allows users to list their latest HIV test date. That information is aimed at informing potential sexual partners, the company says.
“Simply using an app should not give companies a license to carelessly handle, use, or share this type of sensitive information,” according to the letter, which was written by Democratic Senators Edward Markey of Massachusetts and Richard Blumenthal of Connecticut. “Grindr and those with whom it shares its users’ sensitive information has an obligation to both protect this data and ensure users have meaningful control over it.”
The senators asked Grindr, which is headquartered in West Hollywood, to answer their questions by April 17.
The app has changed its policy and stopped sharing users’ HIV status, Axios reported Tuesday.
The digital-privacy scrutiny and public outcry at the mega gay-dating app sharing users sensitive, personal information grew after the company announced last week that the app would have a new feature reminding users to get an HIV test. Shortly thereafter, the Norwegian Consumer Council discovered that Grindr had shared users personal information, including HIV status, with two companies, Apptimize and Localytics, who were hired to test a new version of the app, according to media reports.
In a statement, Scott Chen, Grindr’s chief technology officer said Grindr only shares personal information when necessary or appropriate.
“Sometimes this data may include location data or data from HIV status fields as these are features within Grindr,” Chen said. “However, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.”
However, Scandinavian researchers also said that while users’ data and their HIV status was encrypted, other data wasn’t protected, such as GPS location, gender, age, search habits, phone ID, and email that could identify specific users and their HIV status, the report said.
On Monday evening, after BuzzFeed independently confirmed the Scandinavian report, Grindr said it changed the company’s policy and stopped sharing users’ HIV status.