The Intimacy Breach: TikTok Sued for Unlawfully Tracking Users on Grindr

The popular video platform TikTok has found itself at the center of a new scandal involving alleged violations of European data protection laws. It has emerged that the service tracks user activity not only within its own platform, but also beyond it—across other applications and third-party websites. The Austrian digital rights organization noyb has filed two formal complaints against TikTok and its partners: the Israeli analytics firm AppsFlyer and the dating app Grindr.

The investigation was prompted by a case in which a user discovered that TikTok had obtained data about his activity in other apps, including Grindr. This information included actions such as adding items to a shopping cart or other behaviors capable of revealing intimate aspects of a person’s private life. Under Article 9 of the General Data Protection Regulation (GDPR), such data falls into a special category and may be processed only under exceptional circumstances. The user in question had never given consent for this data to be shared.

The inquiry revealed that the data was first collected by Grindr, then transmitted to AppsFlyer, and ultimately passed on to TikTok. As a result, all three companies were involved in the transfer and processing of sensitive personal data without a lawful basis. Experts at noyb stress that none of the entities in this chain had the right to distribute such information, particularly given its highly sensitive nature.

Beyond unlawful tracking, the second complaint concerns TikTok’s refusal to provide a complete copy of a user’s personal data upon request. Although the company offers a dedicated data download tool, it later admitted that the tool delivers only the information it deems “most important.”

Despite repeated inquiries, TikTok has failed to disclose exactly which data it processes and for what purposes. According to noyb, this constitutes a direct violation of Articles 12 and 15 of the GDPR, which guarantee users the right to clear and comprehensive information about the processing of their personal data.

noyb is calling on regulators to compel TikTok to disclose the missing information and to halt all further unlawful data processing by all three companies. The organization is also seeking the imposition of a substantial fine—one intended not only to remedy the harm caused, but to serve as a clear warning to other companies inclined to disregard European data protection law.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy