Under Fire: Popular Hookup App Shared HIV-Related Information, Personal Data with Third Party

The popular hookup and dating app Grindr is under fire for sharing users' disclosed HIV status and most recent testing data combined with identifiable information about users with two third party vendors.
The company says it has suspended the practice, but that the data was never breached nor sold, only provided to the companies in an effort to "improve" the app's functionality for users.
"When working with these vendors, we restricted data shared to that which was appropriate for the services they are providing and encrypted it when providing it to the contractors," the company said last week in a blog post on Tumblr. "This data from HIV status fields was used to test and support development of a new features, like our recently released HIV Test Reminders."
Grindr has recently launched a series of programs to encourage users to get screened regularly for HIV and other STIs and has generally been a vocal advocate for access to pre-exposure prophylaxis medications to prevent infections.
The news came only weeks after it was revealed that millions of people had their data taken by third parties off of Facebook. That data was then used to create detailed political and marketing profiles of individuals. Those profiles were then used in the 2016 Presidential election to target Facebook users for political advertising — potentially even by Russian trolls.
The Grindr defense is not sitting well with some advocates for the HIV community.
"The unfortunate reality is that many applications and websites that were designed for various levels of social engagement have increasingly given rise to various breaches in privacy and loss of perceived confidentialities," said Jake Distel, executive director of the Lansing Area AIDS Network. "Numerous such breaches have occurred with the most recent Facebook matter monopolizing all forms of press for recent weeks. Grindr apparently endeavors to make an argument that it is a public platform and that users who chose to do so could share their HIV status and latest test dates understanding that the information would then be available to other users of the site. Grindr's actions, however, appear to be more overt, with the actual sharing of information to third parties occurring without directly informing users. With such reports becoming more routine across the social media landscape some manner of control appears critical that continues to allow the opportunity for new social engagements while at the same time protecting personal privacies that have not been vacated."
Trevor Hoppe, a professor of sociology at the University of Albany SUNY and author of the book Punishing Disease: HIV and the Criminalization of Sickness, said the revelations don't directly impact HIV criminalization.
"Online profiles have been used in criminal cases already — the sale of that data to third parties doesn't change their utility or accessibility to law enforcement," he said. "Users should expect that any information they post to a public forum is, in fact, public, and therefore should be subject to legal scrutiny at a later date."
Despite the lack of potential criminal sanctions associated with the allegations, the collection and sharing of such data — which included identifiable information such as GPS coordinates, telephone numbers and email addresses — could pose a threat to those who are forced to live in the closet because of the social stigma of sexuality and HIV. If those data sets were breached it could result in the outing of people in countries like Saudi Arabia where homsexuality is a crime, or the outing of persons who are HIV positive in communities where violence against them might happen.
While Michigan law criminalizes a failure to disclose an HIV positive status before engaging in sexual penetration "however slight," it also criminalizes the release of an HIV status. Legal experts differ on the extent to which the law applies to situations such as this instance with Grindr or personal disclosures that are repeated. Kendra Kleber, who used to do legal cases revolving around HIV in Michigan and is now a social security judge in Ohio, argues disclosure of another person's HIV status without their permission is a violation of Michigan's law.
The Michigan Department of Health and Human Services, which administers much of the federal money related to HIV care and prevention in Michigan declined to comment on whether the Grindr disclosures violated Michigan law, but said it supported the "people living with HIV maintaining their confidentiality."
And MDHHS is not alone.
"While Grindr users shared their HIV status with the app, they did not knowingly share their status with third parties. Given the stigma that people living with HIV can face, there is great potential for harm," said Linda Vail, health officer for Ingham County. "A company that caters to gay, bi, trans and queer people should have been acutely aware of the sensitive nature of the data with which they were entrusted. It's an inexcusable invasion of privacy and a violation of trust."