The same-sex dating app Grindr responded Monday to revelations that it allowed third parties to view the HIV status of users, saying its customers had the option not to supply sensitive information.
Grindr acknowledged that information on users’ HIV status, including the date they were last tested for the virus, was shared with two companies – Apptimize and Localytics, who were paid to monitor and analyze how the app was being used.
News that the app was sharing the data first appeared in a story by Buzzfeed on Monday.
Buzzfeed wrote: “Because the HIV information is sent together with users’ GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue.”
Grindr also said that the information was encrypted and that the company “has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.”
Nygard said the news about Grindr “does bring up questions on whether it’s worthwhile to use that feature.”
“I actually find this very disturbing and possibly sinister,” San Francisco Supervisor Jeff Sheehy was quoted by the television station as saying.
The sharing of what many Grindr users view as private information follows a controversy over U.K.-based firm Cambridge Analytica’s use of information from tens of millions of Facebook profiles to micro-target political campaign messages.
It also comes on the same day as news of a lawsuit against CVS Health that alleges the pharmacy chain revealed the HIV status of thousands of people in Ohio.
Last August, CVS reportedly sent a letter to 6,000 participants in Ohio’s HIV Drug Assistance Program about getting HIV prescriptions through a program offered by the pharmacy chain. Healthnews Finance says only 4,000 people received that letter.
“Last year, as part of a CVS Caremark benefits mailing to members of an Ohio client, a reference code for an assistance program was visible within the envelope window,” CVS said in a statement. “This reference code was intended to refer to the name of the program and not to the recipient’s health status. As soon as we learned of this incident, we immediately took steps to eliminate the reference code to the plan name in any future mailings.”
As Healthcare Finance notes, the CVS suit “… happened just after Aetna suffered a similar breach when it mailed to about 12,000 customers in 23 states information on HIV medications. The names and address of the recipients and some of the letter’s contents were visible through the clear envelope window.”