Could “commercially available” location data originating from Grindr really have been used to identify an individual? I asked Finn Myrstad, who helped file a data protection complaint regarding how Grindr shares user data.
Many of the apps on your phone are constantly monitoring and broadcasting your activity—both online, in the form of your taps and app interactions, and offline, in the form of your location.
You probably already know this. Campaigners have been shouting about it for years.
But there have been few high-profile cases in which the workings of so-called “surveillance advertising” have actually caused clear harm to individual people.
That changed this week.
The ‘Grindr Priest’ Story
On Tuesday, Catholic Substack publication The Pillar claimed it had identified a specific person using location data collected by an app on their phone.
The story was particularly explosive, The Pillar had allegedly identified the high-ranking Catholic priest Jeffrey Burrill—and the app that reportedly gave away his location was Grindr, a gay dating app.
Investigators from The Pillar supposedly obtained “commercially available records of app signal data” to tie a “mobile device correlated to Burrill“ to several locations, including his home, his workplace, and what the publication describes as a “gay bathhouse.” Burrill resigned once the story became public.
The Pillar’s activities were arguably ethically dubious. But is the story plausible on a technical level?
Grindr denies The Pillar’s claims.
“We do not believe Grindr is the source of the data behind the blog’s unethical, homophobic witch hunt,” a Grindr spokesperson told me via email. “We have looked closely at this story, and the pieces simply do not add up.
“Grindr has policies and systems in place to protect personal data, and our users should continue to feel confident and proud in using Grindr regardless of their religion, ethnicity, sexual orientation, or gender identity.”
But this isn’t the first time Grindr’s data-sharing habits have been called into question.
Grindr’s GDPR Fine
In January, the Norweigan data protection authority announced that it intended to issue a €10 million fine against Grindr, after finding that the dating app was sharing its users’ data “unlawfully.”
The complaint against Grindr was brought by a coalition of campaign groups. I spoke to Finn Myrstad, who heads up digital policy for the Norweigan Consumer Council and was one of the key people behind the complaint against Grindr.
I asked Myrstad, given what he knows about Grindr’s data-sharing practices, whether this story was feasible.
“Based on the research and analysis we did, then this is definitely one of the scenarios we outlined as possible harms,” Myrstad told me via Signal.
“When we conducted the technical tests on Grindr in 2019, we observed that they shared advertising ID and location data to several third parties, who in turn reserved the right to share the data onwards and use it for their own purposes.”
“This was the basis of our complaint,” Myrstad said.
Linking Location Data to Identity
But how can you identify someone based on app location data?
Myrstad explained: “When an app shares location data, it can in itself reveal a person’s identity, where they live, where they spend their free time and their nights, and so on.”.
“This is clearly very personal information,” he said. “When this is coupled with other persistent identifiers, such as advertising ID, it is very easy to identify and infer lots of sensitive, personal information about that individual.”
“We found in our study that Grindr was sharing this personal information generously, with multiple third parties, who are in the business of collecting, analyzing, and sharing such data,” Myrstad continued.
“It goes without saying that there is a risk that such data can be used and resold for other purposes.”
Location data can be sensitive in any context—but it’s particularly sensitive when emitted from an app like Grindr.
“Users of Grindr have a particular right for protection,” Myrstad said, “as using the app can reveal their sexual orientation, as we argued in our complaint.”
So is the story feasible? Could The Pillar have used Grindr-originating data to identify an individual person?
“I cannot say for certain that this can be done with Grindr data, but it is highly probable that someone with intent could have achieved this with the kind of data sharing we observed in our test,” Myrstad said.
“There was in practice no control of how sensitive data was shared.”
A Ban on ‘Surveillance Advertising’?
It’s these sorts of harms that have led campaigners, including Myrstad, to call for a ban on so-called “surveillance advertising.”
Earlier this month, I interviewed Vivaldi CEO Jon Stephenson von Tetzchner about a similar campaign to “stop the invasive and privacy-hostile practices” that “harm consumers and businesses and can undermine the cornerstones of democracy.”
And last week, a group of European Parliament members proposed legislation aiming to “entirely ban the use of personal data in targeted advertising.”
Advertisers and industry groups have long argued that such calls are disproportionate, and that the harms attributed to targeted advertising have been exaggerated.
But Jeffrey Burrill’s story suggests otherwise.