[ad_1]
One of the worst-case scenarios for the barely regulated and secretive location data industry has come true: Data from allegedly anonymous gay dating apps was apparently sold and linked to a Catholic priest, who later resigned from his job. use.
It shows how, despite frequent assurances from app developers and data brokers that the data they collect is “anonymized” to protect people’s privacy, that data can and does fall into the wrong hands. This can then have dire consequences for users who may have had no idea that their data was being collected and sold in the first place. It also shows the need for real regulations on the data broker industry which knows so much about so much but is beholden to so few laws.
Here’s what happened: A Catholic outlet called Pillar kind of got “app data signals from the location-based login app Grindr.” He used it to track a phone owned or used by Bishop Jeffrey Burrill, who was an executive officer of the United States Conference of Catholic Bishops. Burrill resigned from his post shortly before the Pillar released their investigation.
There is still a lot we don’t know here, including the source of the Pillar data. The report, which presents Burrill’s apparent use of a gay dating app as “serial sexual misconduct” and mistakenly associates homosexuality and the use of dating apps with pedophilia, simply states that this was “commercially available application signal data” obtained from “data providers”. We do not know who these providers are, or the circumstances surrounding the purchase of this data. Either way, it was pretty damning that Burrill quit his post about it, and the Pillar says it’s possible Burrill was facing “canon discipline” as well.
What we do know is that dating apps are a rich source of personal and sensitive information about their users, and these users rarely know how that data is being used, who can access it, and how these third parties use that data or who else they sell it or share it with. This data is typically meant to be “anonymized” or “anonymized” – this is how apps and data brokers claim to respect privacy – but it can be fairly easy to re-identify this data, as several surveys have shown, and as privacy experts and advocates have warned for years. Considering that data can be used to ruin or even end your life – being gay is punishable by death in some countries – the consequences of mismanagement are as dire as it gets.
“The damage caused by location tracking is real and can have a lasting impact into the future,” Sean O’Brien, senior researcher at ExpressVPN’s Digital Security Lab, told Recode. “There is no meaningful oversight of smartphone surveillance, and the abuse of privacy that we have seen in this case is made possible by a profitable and booming industry.”
For her part, Grindr told the Washington Post that “there is absolutely no evidence to support the allegations of the collection or improper use of data related to the Grindr application as alleged” and that it was “Technically infeasible and incredibly improbable”.
Still, Grindr has gotten into trouble over privacy issues in the recent past. Internet advocacy group Mozilla called it “privacy not included” in its review of dating apps. Grindr was fined nearly $ 12 million earlier this year by the Norwegian Data Protection Authority for providing information about its users to several advertising companies, including their exact locations and codes. user tracking. This came after a nonprofit called the Norwegian Consumers Council discovered in 2020 that Grindr had sent user data to more than a dozen other companies, and after a BuzzFeed News investigation in 2018 revealed that Grindr shared users’ HIV statuses, locations, email addresses, and phone IDs. with two other companies.
While it is not known how Burrill’s data was obtained from Grindr (assuming, again, that Pillar’s report is true), app developers typically send location data to third parties via software development kits, or SDKs, which are tools that add functionality to their applications or serve ads. The SDKs then send the application’s user data to the companies that manufacture it. For example, this is how data broker X-Mode was able to obtain location data from millions of users across hundreds of applications, which it then passed on to a defense contractor, who then passed them on to the U.S. military – far from the only government agency providing location data in this way.
Grindr did not respond to a request for comment from Recode asking for details of the companies or third parties to which it shared or sent user data, or the SDKs it uses in its app. But it states in its own privacy policy that it shared the age, gender, and location of users with advertisers until April 2020. The Pillar said its data on Burrill ranges from 2018 to 2020.
Companies sell this data with ease because the data supply chain is opaque and the practice is barely regulated, especially in the United States. Norway’s $ 12 million fine was due to Grindr violating the European Union’s General Data Protection Regulation, or GDPR. The United States still does not have an equivalent federal privacy law, so Grindr may not have done anything legally wrong here, unless he lied to consumers about its privacy practices (at that time, it may be subject to Federal Trade Commission sanctions, as they are).
“Experts have warned for years that data collected by advertising companies from Americans’ phones could be used to track them and reveal the most personal details of their lives,” said Senator Ron Wyden (D- OR), who lobbied for privacy regulations. the location data industry, said in the statement to Recode. “Unfortunately, they were right. Data brokers and advertising companies lied to the public, assuring them that the information they gathered was anonymous. As this horrific episode shows, these claims were false – individuals can be tracked and identified. “
In the absence of laws, companies could self-regulate to better protect user privacy. But without anything forcing him to do so – and in an environment where any transgression is difficult to identify and track – the user simply has to hope for the best. App stores like Apple and Google Play prohibit the sale of location data in their terms of service, but we know some companies do it anyway. If Apple or Google finds out that apps are breaking these rules, they can ban them from their stores. But that doesn’t help people whose data has already been collected, shared, or sold.
So what can you do If you use Grindr and want to minimize or restrict any data you may have provided to the app, its privacy policy contains details on how to opt out of ad services and how to delete your account. Then you have to have confidence that Grindr will follow … just like you have to believe that Grindr will protect your data in the first place.
You can also defend privacy laws that prohibit these practices by contacting your local and federal officials. 2021 saw the passage of two state-level privacy laws (Virginia and Colorado), but we are still awaiting federal law. While the Democrats have the Presidency, House, and Senate (barely, and still not enough without filibuster reform), they have yet to advance any of the proposed privacy bills – and the year is more than half over.
The simple fact is, the data you provide to applications is fueling a massive economy worth hundreds of billions of dollars, which is hundreds of billions of reasons for it not to change, until they are forced to do so.
“The FTC must step up and protect Americans from these outrageous privacy breaches, and Congress must pass comprehensive federal privacy legislation,” Wyden said.
[ad_2]
Source link