Major privacy issues revealed with popular apps

Its report, Out of Control: How consumers are exploited by the online advertising industry, investigated 10 apps and how the personal data they collect can be used to create profiles about consumers and shared with commercial third parties.

Companies can use these profiles not only to target advertising but also for practices such as price discrimination, where a customer is charged a higher price based on information about their willingness to pay for a product or service.

Dating apps Grindr and Tinder, and period tracker app Clue were among the apps reviewed.

The council described the “massive commercial surveillance” taking place as fundamentally at odds with consumers’ rights. Consumers were also increasingly vulnerable to manipulation where unknown companies knew almost everything about them, it said.

Privacy rights under threat

Privacy legislation both here and in the EU requires companies to get a customer’s permission to collect data and also tell them how it’s being used. However, none of the apps investigated provided the information consumers needed to make an informed choice about using them.

There was also little opportunity to opt out of having your data collected. The council said it found “a near complete lack of in-app settings to regulate or prevent the sharing of personal data with third parties”.

If a consumer didn’t want an app sending personal data to commercial third parties, not installing it was usually their only option.

Finn Myrstad, director of digital policy at the Norwegian Consumer Council, said the extent of tracking made it impossible for consumers to make informed choices about how their personal data was collected, shared and used.

The council has filed formal complaints with the Norwegian Data Protection Agency against Grindr and five other companies receiving personal data through the app, alleging breaches of the EU’s General Data Protection Regulation (GDPR). Mr Myrstad said current practices of extensive tracking and profiling had to end. The council is also urging companies that rely on digital advertising to look for alternative technologies that don’t depend on widespread collection and sharing of personal data.

In light of the council’s findings, we’re writing to Privacy Commissioner John Edwards asking him to investigate the issues raised. While the research was carried out in Norway, some of the apps analysed are used by consumers here and companies subject to complaints filed by the Norwegian Consumer Council may be processing data of New Zealand consumers.

Consumer organisations in 20 other countries are also calling for authorities to investigate practices of the online advertising industry.

The 10 apps included in the report were:

• Clue
• Grindr
• Happn
• Muslim: Qibla Finder
• My Days
• My Talking Tom 2
• OkCupid
• Perfect365
• Tinder
• Wave Keyboard.