TikTok Accused of Tracking Users' Grindr Activity in Major Privacy Breach Complaint

A prominent European digital rights organization has launched a formal complaint against TikTok, accusing the platform of unlawfully monitoring users' activity on Grindr, a popular dating app primarily used by gay, bisexual, and queer men. The complaint, filed with Austria's Data Protection Authority, also targets Grindr and digital marketing firm AppsFlyer, claiming the companies breached the European Union's General Data Protection Regulation by facilitating inter-app data tracking without proper transparency.

The controversy stems from reports by an anonymous user who discovered TikTok accessing their personal data from other apps, including Grindr and LinkedIn, as well as shopping cart activity. According to NOYB , the Austria-based group spearheading the complaint, TikTok only disclosed this data access after the user repeatedly inquired about their information. This lack of upfront transparency allegedly violates GDPR's "right to be informed" principle, which requires organizations to clearly explain data usage practices, often via privacy notices.

NOYB contends that the shared data includes highly sensitive information about users' sexuality and gender identity, falling under GDPR's "special categories" protections. AppsFlyer, a mobile attribution and analytics company, is accused of enabling this tracking through its technology, which allegedly allows TikTok—owned by China's ByteDance—to monitor user behavior across apps for purposes like personalized advertising, analytics, and security. A TikTok spokesperson reportedly justified the data use for these business needs, but NOYB argues it exposes users to risks without consent.

This incident is particularly alarming for LGBTQ+ individuals, as Grindr usage can reveal private aspects of sexual orientation, potentially leading to outing, discrimination, or harm in regions where such identities are stigmatized or criminalized. Privacy advocates emphasize that transgender people, non-binary individuals, and others using Grindr for community connections face amplified vulnerabilities when data is mishandled.

Grindr has faced repeated scrutiny over data privacy. In 2024, the app was hit with mass lawsuits in the UK and elsewhere after allegedly sharing users' HIV status, ethnicity, and other personal details with third parties. Law firm Austen Hays, representing plaintiffs, stated that "thousands" of users experienced "significant distress" from the potential exposure of this information to advertisers. Grindr responded by asserting it takes privacy "extremely seriously" and that the claims mischaracterized practices from over four years prior.

TikTok has also been fined multiple times for GDPR violations. In 2023, the European Commission imposed a €345 million penalty on TikTok for mishandling children's data, underscoring ongoing concerns about the platform's practices. More broadly, ByteDance-owned TikTok has been accused of aggressive data collection, raising national security fears in various countries due to its Chinese ownership.

AppsFlyer, while less in the spotlight, powers marketing analytics for thousands of apps and has been implicated in similar tracking complaints before. These prior incidents provide context for why NOYB views the current allegations as part of a pattern rather than an isolated event.

If upheld, the complaint could result in severe financial penalties under GDPR. Violations can lead to fines of up to €10 million or 2% of global annual turnover for standard breaches, escalating to €20 million or 4% for serious infringements like mishandling special category data. For TikTok, with its massive revenue—reported at over $20 billion in 2024—this could translate to hundreds of millions in penalties.

The Austrian Data Protection Authority will investigate, potentially leading to enforcement actions across the EU due to GDPR's extraterritorial reach. NOYB, founded by privacy activist Max Schrems, has a track record of successful complaints, including forcing Meta to overhaul tracking practices. Schrems commented that such inter-app tracking "turns smartphones into tracking devices without users knowing," particularly risky for sensitive apps like Grindr.

For LGBTQ+ communities, this story underscores the precariousness of digital privacy. Grindr, with millions of users worldwide, serves as a vital tool for connection, especially for gay men, bisexual men, and transgender individuals seeking partners or community in unsafe environments. Exposure of usage data could enable doxxing, harassment, or worse in countries with anti-LGBTQ+ laws. Organizations like GLAAD have long advocated for stronger app protections, noting that "queer users deserve the same privacy as anyone else."

Transgender users, in particular, report heightened fears, as data leaks could intersect with gender identity discrimination. Advocacy groups call for affirmative measures like end-to-end encryption and opt-in tracking. The timing of this complaint, amid rising global scrutiny of Big Tech, amplifies calls for LGBTQ+-inclusive privacy reforms.

PinkNews contacted TikTok, Grindr, and AppsFlyer for comment but had not received responses at publication. As the investigation unfolds, it serves as a reminder of the need for vigilant data protection to safeguard diverse LGBTQ+ identities in the digital age.