A significant privacy complaint alleges unauthorized cross-app tracking with Grindr, risking exposure of highly personal information.
A dramatic new front has opened in the global battle for digital privacy. A leading European privacy group has filed a major complaint, accusing social media giant TikTok of secretly monitoring users’ activities on unrelated dating applications. This alleged practice, which involved coordinating with the dating app Grindr and the mobile analytics firm AppsFlyer, suggests a chilling disregard for the boundaries of personal data, especially concerning highly sensitive information.
The Unmasking of Covert Surveillance
Vienna-based privacy watchdog, None of Your Business, or NOYB, filed the serious complaints with Austrian regulators on Wednesday, December 17, 2025. NOYB alleges that TikTok illegally tracked a user’s activity across other applications, specifically noting usage of the LGBTQ+ dating app Grindr. This covert tracking allegedly happened without explicit consent, a clear violation of the European Union’s landmark General Data Protection Regulation, or GDPR.
The complaint points to AppsFlyer, a mobile marketing and analytics company, as the crucial intermediary, and the group contends that AppsFlyer facilitated the unauthorized data transfers, serving as a conduit for sensitive information. A data-access request submitted by a user reportedly revealed this unlawful practice, showing that TikTok possessed details about their Grindr usage, among other apps. This entire process raises immediate, deep concerns about the legality and ethics of such cross-platform surveillance.
Also Read: Instagram’s Double Shock: Viral Content Engine Meets Five-Day Office Lockdown
Sensitive Data in the Digital Wild
The nature of the information involved elevates the issue from a simple privacy violation to a serious breach of human rights. Data concerning a person’s sexual orientation constitutes “special category data” under GDPR. This designation mandates the highest level of protection and requires the user’s explicit consent for processing. NOYB’s lawyer, Kleanthi Sardeli, noted that while cross-app tracking is a common problem, the sensitive nature of the Grindr data makes this one of the most extreme examples seen so far. The privacy group forcefully argues that neither Grindr nor AppsFlyer had a valid legal basis to share this deeply personal data with TikTok.
TikTok, a global platform, reportedly used the tracked data for targeted ads and analytics, failing to inform the user until after multiple, persistent requests. According to NOYB, TikTok later asserted the data was used for personalized advertising, analytics, and security purposes. Such an explanation fails to address the core issue of consent and the handling of protected personal information.
A Pattern of Lax Privacy and Growing Alarm
This latest controversy follows a persistent global trend of consumer discomfort regarding corporate data practices. A significant majority of adults worldwide, approximately 85%, express a desire to do more to protect their online privacy, according to a recent global survey. Furthermore, a 63% of global consumers believe most companies are simply not transparent about how they use personal data. These figures underscore the vast trust deficit separating technology companies and their user base, making the allegations against TikTok, Grindr, and AppsFlyer particularly alarming.
The regulatory environment is also becoming increasingly punitive. Grindr has faced significant regulatory backlash before; for instance, the Norwegian Data Protection Authority previously imposed a hefty fine on the dating app for illegally sharing user data with third parties. Similarly, TikTok faced a massive fine from the Irish Data Protection Commission in May for GDPR violations involving children’s data.
Also Read: Is YouTube the New TV? Teens Are ‘Constantly’ Online
NOYB urges Austrian regulators to issue hefty fines against the three companies and compel them to cease all unauthorized data processing immediately. The outcome of this case will undoubtedly establish a significant precedent for how social media platforms and their partners handle special category data across Europe. This entire situation demonstrates the urgent need for robust compliance and unwavering transparency from companies that hold the world’s most sensitive digital records.
