Privacy watchdogs have filed a new TikTok Grindr GDPR complaint, accusing both platforms of unlawfully sharing sensitive user data without valid consent. The case centers on alleged tracking that could expose deeply personal information, including sexual orientation, through third-party analytics tools.
The complaint adds fresh pressure on major tech platforms already under scrutiny from European regulators. It also raises broader questions about how advertising trackers operate across apps and how much control users truly have over their data.
Privacy Group Files GDPR Complaint
The complaint was filed by None of Your Business (noyb), a Vienna-based digital rights organization known for aggressive GDPR enforcement actions. The group submitted the case to Austria’s data protection authority, naming TikTok, Grindr, and mobile analytics company AppsFlyer.
According to noyb, the companies enabled cross-app tracking that allowed TikTok to infer user behavior in other apps. This allegedly occurred without proper disclosure or explicit user consent, which GDPR requires for data processing of this nature.
Alleged Sharing of Sensitive Data
At the heart of the TikTok Grindr GDPR complaint is the handling of special category data. GDPR treats information related to sexual orientation as highly sensitive and subject to stricter protections.
noyb claims that data indicating a user’s presence on Grindr could be transmitted via tracking infrastructure. Even indirect signals, when combined with advertising identifiers, may allow platforms to draw conclusions about a person’s private life.
The group argues that such data sharing cannot rely on legitimate interest or vague consent banners. Under GDPR, processing sensitive data requires clear, informed, and explicit user approval.
Role of Third-Party Trackers
The complaint focuses heavily on AppsFlyer, a mobile attribution and analytics provider used by many large apps. noyb alleges that AppsFlyer’s software development kit enabled data to flow between Grindr and TikTok through shared identifiers.
This setup allegedly allowed TikTok to receive signals about user activity outside its own platform. If confirmed, regulators may view this as a systemic failure in how third-party trackers handle consent and data minimization.
The case could therefore extend beyond the named companies and impact the wider mobile advertising ecosystem.
Transparency and Consent Concerns
Another major issue raised in the TikTok Grindr GDPR complaint is transparency. noyb argues that users were not clearly informed about how their data was processed, shared, or combined across apps.
GDPR requires companies to explain data practices in plain language. Consent must also be freely given and specific. The complaint claims that neither standard was met, especially given the sensitivity of the data involved.
If regulators agree, the companies could face corrective orders, fines, or forced changes to their tracking practices.
Broader Regulatory Context
TikTok is already under sustained regulatory pressure in Europe, including previous enforcement actions related to data transfers and user protections. Grindr has also faced past criticism and legal challenges over data sharing practices.
This complaint reflects a growing willingness by privacy groups to target data flows between apps, not just what happens within a single platform. Regulators increasingly view cross-app tracking as a high-risk area under GDPR.
The outcome may influence how mobile apps use analytics tools across the European Union.
Conclusion
The TikTok Grindr GDPR complaint highlights the growing tension between mobile advertising practices and Europe’s strict privacy rules. If authorities find that sensitive data was shared without valid consent, the case could set an important precedent for cross-app tracking enforcement.
As regulators examine the role of third-party analytics and consent frameworks, companies may be forced to rethink how data moves behind the scenes. For users, the case underscores how seemingly separate apps can still be linked through invisible tracking infrastructure.
0 responses to “TikTok Grindr GDPR Complaint Targets Sensitive Data Sharing”