EFF Urges Grindr to Adopt Privacy-First Default Settings

The Electronic Frontier Foundation (EFF) released an open letter on June 26, 2026, urging the gay dating app Grindr to prioritize privacy as a default setting. Timed to coincide with Pride Month, this request addresses the handling of highly sensitive personal information, such as sexual orientation and HIV status, and calls for the cessation of practices like sharing data with advertisers or using it for AI training without users’ explicit consent.

Growing Risks of Data Breaches

Grindr, one of the most widely used dating apps for the LGBTQ+ community worldwide, has faced repeated controversies over its handling of users’ sensitive data. In its open letter, EFF highlighted instances where Grindr shared users’ HIV status and precise location data with advertisers without proper consent. These issues have led to regulatory penalties in several countries. Additionally, a former Chief Privacy Officer (CPO) filed a lawsuit against the company, claiming they were dismissed after whistleblowing about Grindr prioritizing profits over privacy.

For the LGBTQ+ community, privacy breaches are not merely inconvenient—they can carry life-altering consequences. Information about sexual orientation, gender identity, or HIV status falling into the hands of employers, government agencies, family members, scammers, or malicious individuals can lead to harassment, discrimination, arrest, or even violence. In 2021, data from gay dating apps, including Grindr, was sold by data brokers, resulting in incidents such as a gay priest being outed without his consent.

20 Tracking Domains Detected by Privacy

Researchers

Ahead of its open letter, EFF collaborated with privacy researcher Konrad Kollnig, the developer of the app “TrackerControl,” to investigate data transmission on Grindr. The findings revealed connections to 20 third-party tracking domains within just 15 minutes of app usage.

These domains included major tech companies and ad tech intermediaries that have faced scrutiny for privacy violations. Some of the companies involved run “real-time bidding” systems, auctioning ad space while exposing user data to hundreds of other entities. This data is then vulnerable to exploitation by data brokers.

While EFF acknowledged that Grindr has halted some data-sharing practices following public exposure, it argued that further changes are required to rebuild user trust.

Two Specific Measures Demanded

In its letter, EFF outlined two key steps it is urging Grindr to take:

1. Default Opt-Out for Behavioral Advertising: While Grindr currently offers users the option to opt out of behavioral advertising, the protection is not automatically enabled in most regions. Behavioral advertising relies on collecting and sharing personal data across vast networks of advertisers, intermediaries, and data brokers. Once data enters this ecosystem, users have little control over its destination or use.

2. Explicit Opt-In Consent for AI Training Using Private Information: EFF emphasized that making privacy a default standard is essential to demonstrate that user safety is a genuine priority.

A Choice Between Privacy and Profit

EFF’s letter underscores the tension between Grindr’s business model and the safety of its users. Grindr’s revenue heavily relies on advertising, with detailed user profiles serving as highly valuable targeting data for advertisers. However, for LGBTQ+ users, the risks posed by data breaches far outweigh the benefits of such a revenue model.

In the Japanese context, this issue cannot be ignored. Although societal acceptance of homosexuality has progressed in Japan, many individuals still conceal their sexual orientation at work or within their families. Data breaches involving dating apps like Grindr could have severe repercussions on users’ social and familial relationships.

From a privacy regulation standpoint, the issue is also thought-provoking. Under Japan’s revised Act on the Protection of Personal Information, the collection of “sensitive personal information”—such as race, beliefs, medical history, or criminal records—requires the individual’s consent. HIV status likely falls into this category. Whether Grindr’s data-sharing practices violate Japanese law remains a topic for further examination.

Editorial Opinion

In the short term, EFF’s open letter will likely increase public and regulatory pressure on Grindr. Particularly in Europe, where penalties under GDPR are a tangible risk, Grindr may be forced to take action within months. While making behavioral advertising opt-out a default setting may lead to short-term revenue losses, it is a rational move when considering the long-term risks to the company’s brand.

From a long-term perspective, this case could mark a turning point in the expansion of “privacy by default” principles from niche community services to mainstream platforms. The shift toward embedding privacy as a fundamental aspect of product design—rather than an after-the-fact opt-out option—is expected to accelerate, driven by increased regulation and heightened user awareness. Depending on Grindr’s response, its actions may set a precedent for other social and dating apps.

As an editorial team, we pose the question: Does making privacy protection the default setting truly equate to abandoning a viable business model?

References

• EFF Deeplinks: EFF to Grindr: This Pride Month, Put Safety and Privacy Over Profits — Published June 26, 2026
• Anthropic Mythos Export Restrictions Could Repeat PGP’s Mistakes
• Microsoft Defender Privilege Escalation Vulnerability “RoguePlanet” Unveiled
• Nothing Cancels Release of CMF Phone Due to Surging RAM Prices