Several popular apps are sharing user data—including highly personal information, such as dating choices and precise locations—in ways that could violate privacy laws, according to a report released today by the Norwegian Consumer Council.
For the report, titled Out of Control: How Consumers Are Exploited by the Online Advertising Industry, the government-funded nonprofit worked with cybersecurity company Mnemonic to analyze data traffic from 10 popular apps: Dating apps Tinder, OkCupid, Happn and Grindr; period tracker apps Clue and MyDays; makeup app Perfect365; children’s app My Talking Tom2; Qibla Finder; and Wave Keyboard. The findings were first reported by The New York Times.
According to the company’s analysis, several of these apps shared location data with a large number of partners—in some cases more than 70. OkCupid, it found, shared “highly personal data about sexuality, drug use, political views and more” with analytics company Braze.
This transmission of data without a transparent explanation of its usage likely violates the EU’s General Data Protection Regulation, which took effect in May 2018. The Norwegian Consumer Council filed a complaint with a regulatory body in Oslo requesting an investigation of these violations. Stateside, California is gearing up to put a broad new consumer privacy law into effect in two weeks, which will require companies to allow consumers to easily stop the spread of their information.
Update: On Wednesday, Match Group said in a statement that its products OkCupid and Tinder were not named in the Norwegian Consumer Council complaint and that user data from those products is “never” shared for commercial or advertising purposes.
Don't miss Adweek NexTech, live this week, to explore privacy, data, attribution and the benchmarks that matter. Register for free and tune in.