One of the worst-case scenarios for the barely regulated and secretive location data industry has become reality: Supposedly anonymous gay dating app data was apparently sold off and linked to a Catholic priest, who then resigned from his job.
Companies sell this data with ease because the data supply chain is opaque and the practice is barely regulated, especially in the United States. The $12 million fine from Norway was because Grindr violated the European Union’s General Data Protection Regulation, or GDPR. The United States still doesn’t have an equivalent federal privacy law, so Grindr may not have done anything legally wrong here unless it lied to consumers about its privacy practices (at which point it may be subject to Federal Trade Commission penalties, such as they are).
Link: This outed priest’s story is a warning for everyone about the need for data privacy laws