Some of the most popular dating and lifestyle apps appear to be flouting stringent privacy protection laws—like the European Union’s General Data Protection Regulation (GDPR)—by willfully passing on users’ personal details such as their sexual preference, religious beliefs, and precise location to advertising and marketing companies in order to drive their own revenue streams.
According to a report called “Out of Control: How Consumers Are Exploited by the Online Advertising Industry,” released Tuesday by the Norwegian Consumer Council (NCC), app developers are sharing highly personal information with adtech firms as part of their business model, despite the risk of violating tough privacy rules, the prospect of being hit with hefty fines, and the possibility of losing consumer trust and damaging their brands. It has filed complaints under the GDPR against six of the worst offenders, including Twitter.
The NCC, a government-funded consumer rights champion, commissioned cyber-security company Mnemonic to perform a technical analysis of the data traffic from 10 popular mobile apps. It found—between them—they were transmitting user data to at least 135 different third parties involved in advertising and/or behavioral profiling.
Big Tech firms are also benefitting from the data, says the report. Google’s advertising service DoubleClick received data from eight of the apps, while Facebook received data from nine of them.
Because of the scope of the tests, the popularity of the apps, and the size of the third parties receiving the data, the NCC regards the findings as “representative of widespread practices in the adtech industry.”