Dating and fertility apps including OkCupid and Grindr are sharing user information such as sexuality, drug use and political views, according to a new report by the Norwegian Consumer Council.
The “data sharing and processing” of the adtech industry is “out of control” despite laws which are expected to “limit most, if not all, of the practices identified”, according to the report.
Grindr was found to share detailed user data with third parties in the advertising and profiling industries, including users’ IP addresses, GPS locations, age and gender.
OkCupid shared information about its users’ sexuality, drug use and political views, while a period tracking app MyDays shared its users’ GPS locations with a number of third parties.
Google’s advertising DoubleClick was found to be receiving this data from eight of the apps, while Facebook was receiving data from nine of them.
Google claims that it has banned political advertisers from targeting audiences based upon their political preferences, but it is unclear how the company would prevent such targeted advertising.
Advertisements targeting people based on their political preferences is already unlawful in the UK, although it is not in the US. It is unclear if Google has run such advertising campaigns during December’s general election.
Last year, a spokesperson for the company told Sky News that it didn’t allow advertisers to target citizens in the UK based on their inferred political leanings, nor on their religion, sexual orientation, or membership in a trade group.
The company did not explain whether advertisers could upload their own lists of pre-targeted individuals and their contact details to Google for such targeted advertising, however.
Jim Killock, the executive director of digital rights organisation the Open Rights Group said: “This report shows that the most sensitive facts about people’s personal lives are being shared in irresponsible and unlawful ways through people’s mobile phones.”
Mr Killock added: “The regulators have the power to investigate and protect people’s privacy. The UK’s Information Commissioner is absolutely key, as many mobile apps are businesses based in the UK. That is why we have called on her to investigate today.”
Simon McDougall, the executive director for technology and innovation at the Information Commissioner’s Office which regulated data laws in the UK, responded to report.
He said: “Over the past year we have prioritised engagement with the adtech industry on the use of personal data in programmatic advertising and real-time bidding.
“Along the way we have seen increased debate and discussion, including reports like these, which factor into our approach where appropriate,” he added.
Mr McDougall said that the data watchdog has “seen a general acknowledgement that things can’t continue as they have been”. However, he added “there remains much more to be done to address the issues”.
The ICO says that by engaging with companies a lot of its concerns have been substantiated.
“Throughout the last year we have been clear that if change does not happen we would consider taking action. We will be saying more about our next steps soon – but as is the case with all of our powers, any future action will be proportionate and risk-based,” Mr McDougall added.
Grindr didn’t respond to Sky’s request for comment.
A spokesperson for OkCupid owner Match Group, which also owns Tinder, said: “Tinder and OkCupid use third party providers to assist with technical operations and providing our overall services, similar to all other apps and online platforms.
“For example, OkCupid uses Braze to manage communications to its users about its services. We only share the specific information deemed necessary to operate our platform, in line with the applicable laws including GDPR and CCPA.
“All Match Group products obtain from these vendors strict contractual commitments that ensure confidentiality, security of users’ personal information and strictly prohibit commercialisation of this data.”