Grindr’s Former Chief Privacy Officer Alleges Major Privacy Violations

June 30, 2023
TOMMY

For the last few years, Ron De Jesus has been Grindr's Chief Privacy Officer. He was a star on the rise in the tech/privacy world. But then he says he raised concerns over Grindr's storage of users' data and was fired within a few hours. Grindr says the timing is unrelated.

Ron De Jesus claimed that Grindr ignored the advice of its outside legal counsel— Cooley —in one debate over data collection.https://t.co/teOwxrlYTa

— Bloomberg Law (@BLaw) June 15, 2023

On January 5th of this year, De Jesus wrote an email to Chief Financial Officer Vanna Krantz expressing his issues with Grindr's privacy flaws. Just a few hours later, he received an email back, but the sender wasn't Krantz; it was HR. De Jesus was fired from his position, with the company saying he was not a "good fit." Now he's suing for wrongful termination.

De Jesus says the company prioritized "profit over privacy" with violations against multiple countries' privacy laws, including the storage of "billions" of nude photos without users' explicit consent. In his lawsuit, De Jesus states that even after users deleted their accounts, their "private communications, including naked photos and other highly sensitive content, such as HIV status are not only still stored in Grindr's systems, but also its vendor systems, and potentially retrievable by any employee of Grindr, or its third-party support vendor, through a backdoor to Grindr's application." A bug in the system apparently allowed for the private information to be stored, activated at times simply by a Grindr user watching an advertisement.

The accusations come on the heels of Grindr being fined over $7 million by Norway for illegally sharing users' data, a point De Jesus called out in his email to Krantz. But Grindr spokesman Patrick Lenihan issued a statement pushing back. "Mr. De Jesus was terminated for being ineffective and for poorly managing Grindr's privacy practices, which were his primary responsibility," Lenihan said. "Through his professional failings, Mr. De Jesus put Grindr and Grindr's users at risk."

For the most part, it's fairly safe to say that everyone knows the implicit data sharing that now goes on with social media sites and apps. If you have an Instagram, Facebook, Gmail, or Twitter, it should really go without saying that your data is being mined and sold. There's a reason those targeted ads have gotten so damn precise. But it's another level of bad business practice when the companies are storing your naked photos and sharing your HIV status with third-party vendors, particularly when you've deleted their app. It's really the ultimate #GrindrFail. De Jesus' lawsuit was filed on June 14th, so details of how this will unfold will be ongoing.