On Wednesday (17th), the privacy advocacy organization NOYB (European Center for Digital Rights) lodged a complaint with the Austrian data protection authority against companies such as TikTok’s overseas version, accusing them of using third-party trackers to monitor Grindr users’ activities, potentially violating regional privacy regulations and leading to the risk of sensitive data leakage.
According to Reuters, NOYB accused TikTok of tracking data of social platform Grindr users through data company AppsFlyer without authorization, a move that is suspected to breach the EU’s General Data Protection Regulation (GDPR).
NOYB is a non-profit organization headquartered in Austria dedicated to enforcing data protection laws, particularly the EU’s GDPR and electronic privacy regulations.
NOYB urged Austrian regulators to penalize companies like TikTok and prevent such illegal actions.
NOYB alleges that the Chinese company ByteDance, the owner of TikTok, and the dating platform Grindr widely used by the LGBTQ+ community illegally shared sensitive user information, with the mobile attribution and marketing analytics platform AppsFlyer assisting in unauthorized data transfers.
NOYB informed Reuters that users discovered TikTok had accessed sensitive information of this user on other applications through data access requests, including records of using apps like Grindr and LinkedIn, as well as information on purchased goods.
TikTok claims that the collection of this data is for purposes such as “personalized advertising, analysis, security,” and others, NOYB points out that under the GDPR, sensitive personal information of users, such as sexual orientation, receives special protection. AppsFlyer and Grindr are not authorized to share users’ sensitive personal information with TikTok.
As per the provisions of the GDPR, regulatory authorities should accept complaints submitted by data subjects or organizations representing data subjects, and investigate the complaints within an appropriate range, informing the complainant of the progress and results of the investigation within three months. During the investigation, regulatory authorities may request relevant companies to provide compliance documentation.
In May this year, due to concerns over TikTok transferring data to China, Ireland imposed a €5.3 billion fine on TikTok; while Grindr faces a collective lawsuit filed by London users. The plaintiffs allege that between 2018 and 2020, Grindr shared users’ HIV status with third parties without authorization.