Former Grindr Exec Alleges Company Violated Privacy Laws

The former chief privacy officer at Grindr says the company fired him after he raised concerns about privacy violations on the platform, according to the lawsuit he filed in a state court in Los Angeles.

Ron De Jesus claimed in the lawsuit that the LGBTQ+ company willfully ignored his concerns about its “alarming” privacy practices concerning personal user data, according to Bloomberg Law, including retaining sensitive data like nude photos without the consent or knowledge of the user. The document alleges the company also collected the HIV status of users, even after they deleted their accounts.

"In other words, deleted users' private communications, including naked photos and other highly sensitive content, such as HIV status are not only still stored in Grindr's systems, but also its vendor systems, and potentially retrievable by any employee of Grindr, or its third-party support vendor, through a backdoor to Grindr's application," De Jesus claimed in the lawsuit, according to Business Insider.

In addition, De Jesus said that Grindr allowed third parties to collect data about users from “merely viewing an advertisement” over the platform.

The former privacy chief said that he shared these privacy violations with the executive team and followed up in an email to Grindr’s Chief Financial Officer Vanna Krantz about potential illegalities. He was fired shortly after. He’s seeking compensation for “wrongful termination, retaliation, and unfair business practices,” according to Bloomberg.

The lawsuit also claimed the app violated the EU’s General Data Protection Regulation by not correcting a bug that would “reset user data collection consent settings,” according to Bloomberg. The bug also allowed for “billions” of nude photos to be stored even after users deleted their accounts, according to Business Insider. When De Jesus tried to warn executives to correct the bug, they did not fix it.

The complaint cited state violations, including the California Consumer Privacy Act. De Jesus said the company categorized some personal data used for analytics as “strictly necessary cookies” instead of giving users the choice to opt out of this type of data collection, going against requirements set by the state to protect privacy.

Grindr’s Head of Communications Patrick Lenihan emailed this statement to Bloomberg Law in response to the allegations: “Mr. De Jesus was terminated for being ineffective and for poorly managing Grindr’s privacy practices, which were his primary responsibility. Through his professional failings, Mr. De Jesus put Grindr and Grindr’s users at risk.”

In 2021, Norway fined Grindr $7 million for illegally sharing user data.