Several popular apps are selling user data—including highly personal information, such as dating choices and precise locations—in ways that could violate privacy laws, according to a report released today by the Norwegian Consumer Council.
For the report, titled Out of Control: How Consumers Are Exploited by the Online Advertising Industry, the government-funded nonprofit worked with cybersecurity company Mnemonic to analyze data traffic from 10 popular apps: Dating apps Tinder, OkCupid, Happn and Grindr; period tracker apps Clue and MyDays; makeup app Perfect365; children’s app My Talking Tom2; Qibla Finder; and Wave Keyboard. The findings were first reported by The New York Times.
According to the company’s analysis, several of these apps shared location data with a large number of partners—in some cases more than 70. OkCupid, it found, shared “highly personal data about sexuality, drug use, political views and more” with analytics company Braze.
This transmission of data without a transparent explanation of its usage likely violates the EU’s General Data Protection Regulation, which took effect in May 2018. The Norwegian Consumer Council filed a complaint with a regulatory body in Oslo requesting an investigation of these violations. Stateside, California is gearing up to put a broad new consumer privacy law into effect in two weeks, which will require companies to allow consumers to easily stop the spread of their information.
Many apps, however, currently operate on a business model of providing free services by selling users’ information to third-party advertisers. And as Mike Shehan, CEO and founder of online video ad platform SpotX told Adweek at CES, the benefits of using these apps often outweighs consumer concerns over exactly where their data goes and what corporations do with it.