Contact: .(JavaScript must be enabled to view this email address), 202-544-3088

WASHINGTON, D.C. – Nine consumer groups asked the Federal Trade Commission (FTC), lawmakers in the U.S. Senate and the state attorneys general of California and Texas to investigate widespread, systematic privacy violations by several popular apps available in the Google Play Store, documented in a report released today by the Norwegian Consumer Council.

The report found that 10 popular apps—Grindr, Tinder, OkCupid, Happn, Clue, MyDays, Perfect365, Qibla Finder, My Talking Tom 2 and Wave Keyboard—are sharing information they collect on users with third-party advertisers without users’ knowledge or consent, in plain violation of the EU’s General Data Protection Regulation (GDPR) as well as existing U.S. laws. When it comes to drafting a new federal privacy law in the U.S., American lawmakers cannot trust input from companies whose apps violate European privacy laws, the groups maintain.

“The illuminating report by our EU ally the Norwegian Consumer Council highlights just how impossible it is for consumers to have any meaningful control over how apps and advertising technology players track and profile them. That’s why Consumer Action is pressing for comprehensive U.S. federal privacy legislation and subsequent strong enforcement efforts. Enough is enough already! Congress must protect us from ever-encroaching privacy intrusions," said Linda Sherry, director of national priorities at Consumer Action.

These apps, and possibly a great many others, are allowing commercial third parties to collect, use and share sensitive consumer data in a way that is deliberately hidden from the user and involves parties that the consumer neither knows about nor would be familiar with. Although consumers can limit some tracking on desktop computers through browser settings and extensions, the same cannot be said for smartphones and tablets. As consumers use their smartphones throughout the day, the devices are recording information about sensitive topics such as our health, behavior, religion, interests and sexuality.

“Consumers cannot avoid being tracked by these apps and their advertising partners because they are not provided with the necessary information to make informed choices when launching the apps for the first time. In addition, consumers are unable to make an informed choice because the extent of tracking, data sharing, and the overall complexity of the adtech ecosystem is hidden and incomprehensible to average consumers,” the letters sent to lawmakers and regulators warn.

The seven groups are American Civil Liberties Union of California, Campaign for a Commercial-Free Childhood, the Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumer Reports, the Electronic Privacy Information Center (EPIC), Public Citizen and U.S. PIRG. In addition to calling for an investigation, the groups are calling for a strong federal digital privacy law that includes a new data protection agency, a private right of action and strong enforcement mechanisms.

"The NCC's report makes it clear that any state or federal privacy law must provide sufficient resources for enforcement in order for the law to effectively protect consumers and their privacy. We applaud the NCC's groundbreaking research on the adtech ecosystem underlying popular apps and urge lawmakers to prioritize enforcement in their privacy proposals," said Katie McInnis, policy counsel for Consumer Reports.

Quotes from additional signers:

“For those of us in the U.S., this research by our colleagues at the Norwegian Consumer Council completely debunks the argument that we can protect consumers’ privacy in the 21st century with the old notice-and-opt-out approach, which some companies appear to be clinging to in violation of European law. Business practices have to change, and the first step to accomplish that is to enact strong privacy rights that government and individuals can enforce.”

• Susan Grant, director of consumer protection and privacy, Consumer Federation of America

“Every day, millions of Americans share their most intimate personal details on these apps, upload personal photos, track their periods and reveal their sexual and religious identities. But these apps and online services are designed to spy on people, collect vast amounts of personal data and sell it to third parties without people’s knowledge. Industry calls it adtech. We call it surveillance. We need to regulate it now, before it’s too late.”

• Burcu Kilic, digital rights program director, Public Citizen

“U.S. PIRG is not surprised that U.S. firms are not complying with laws giving European consumers and citizens privacy rights. After all, the phalanx of industry lobbyists besieging Washington, D.C., has been very clear that its goal is simply to perpetuate a 24/7/365 surveillance capitalism business model, while denying states the right to protect their citizens better and denying consumers any real rights at all.”

• Ed Mierzwinski, senior director for consumer programs, U.S. PIRG

“This report reveals how the failure of the U.S. to enact effective privacy safeguards has unleashed an out-of-control and unaccountable monster that swallows up personal information in the EU and elsewhere. The long unregulated business practices of digital media companies have shred the rights of people and communities to use the internet without fear of surveillance and manipulation. U.S. policymakers have been given a much-needed wake-up call by Norway that it’s overdue for the enactment of laws that bring meaningful change to the now lawless digital marketplace.”

• Jeff Chester, executive director, Center for Digital Democracy

“This report highlights the pervasiveness of corporate surveillance and the failures of the FTC notice-and-choice model for privacy protection. Congress should pass comprehensive data protection legislation and establish a U.S. Data Protection Agency to protect consumers from the privacy violations of the adtech industry.”

• Christine Bannan, consumer protection counsel, EPIC

# # #