The United States doesn’t trust a Chinese company to own gay dating app Grindr and will force it to sell by 2020, as tensions spike between Washington and Beijing over trade and national security.
Beijing Kunlun Tech acquired a 60% stake in Grindr – which describes itself as “the world’s largest social networking app for gay, bi, trans and queer people” – in 2016 and was expected to take the app public after completing the acquisition last year.
Those plans, however, were scuppered by the Committee on Foreign Investment in the United States (CFIUS), which vets overseas purchases of American businesses, “in order to determine the effect of such transactions on the national security of the United States.”
On Monday, Kunlun said it had reached an agreement with CFIUS to sell the app by June 30, 2020. Until then, the firm says Grindr will not transmit any sensitive information to China, though it is not clear how that will be enforced.
Dating apps all contain potentially sensitive data — from revealing messages and selfies, to simply the fact that users are trying to date at all — but Grindr has even more than most. There was outrage last year when it was revealed the app was sharing the HIV status of users with outside companies. In a statement, Grindr said “no advertisers have ever had access to HIV status or last test date, unless they viewed it in a person’s public profile.”
Security concerns have previously led the app to implement privacy protections for users in countries where being gay can put them in danger.
Exposed personal data
In the past, the US has blamed Chinese hackers for an attack on the Office of Personnel Management (OPM), essentially the US government’s Human Resources department, which exposed the personal data of millions of current and former federal employees. Experts said the hack might have been an attempt to build a giant database of US government workers for future espionage activity.
While CFIUS has not revealed its reasoning behind the Grindr decision, similar concerns may have been at play. Under Chinese cybersecurity law, companies doing business in the country must base their data there, raising concerns that the government could gain access to it. Chinese firms also have a history of sharing data with their government, and are often legally obliged to in cases when US officials would struggle to force companies to hand over sensitive information.
“As government officials — including US military and intelligence services officers — may be Grindr users, the US government is right to be concerned about the possibility of a foreign government gaining access to the most intimate aspects of their lives,” Privacy International, a UK-based rights group, said in a statement. “However, it is equally concerning that Grindr users from any country and background are at the mercy of a government, be it the Chinese or the US government.”
Grindr is only the latest casualty of growing US suspicion over Chinese activity on its shores, particularly when it comes to technology.
Since last year, the Washington has been engaged in a major legal and public relations battle with Chinese telecoms giant Huawei, seeking to block it from both US and global markets over purported national security concerns, particularly over the expansion of 5G networks.
In April, six retired US military leaders urged other countries to follow Washington’s lead, saying they had “grave concerns about a future where a Chinese-developed 5G network is widely adopted among our allies and partners.”
Nor is Grindr the first app to face ownership issues over national security. Last year, Washington blocked a $1.2 billion acquisition of Moneygram by Ant Financial, an online payments company owned by Alibaba billionaire Jack Ma.
In a statement, Moneygram CEO Alex Holmes said the “geopolitical environment (had) changed considerably since we first announced the proposed transaction with Ant Financial.”
That deal was blocked by CFIUS after Republican lawmakers Robert Pittenger and Chris Smith wrote that “should this transaction be approved, the Chinese government would gain significant access to, and information on, financial markets and specific international consumer money flows … we cannot afford to ignore well-coordinated Chinese investments that target our critical and financial infrastructure.”
Similar concerns were raised regarding Grindr by Democratic Senator Ron Wyden, according to a statement he gave to the New York Times.
“Last year, my office met with a top official from the Treasury Department to express my serious concerns about the national security risks associated with a Chinese company buying Grindr,” Wyden said. “It is high time for the administration and CFIUS to consider the national security impact of foreign companies acquiring large, sensitive troves of Americans’ private data.”
Many in the privacy community will be hoping that the case provokes a wider reckoning with how much personal data companies hold on users, whether or not they are based in the US or owned by US investors.
Concerns have been heightened in recent years owing to issues around Facebook (FB), which is still dealing with the fallout from the Cambridge Analytica scandal, in which it was revealed that the UK-based political consulting firm had harvested millions of users’ personal data without their consent.
There were echoes of that scandal this month, when Facebook sued a South Korean firm for allegedly misusing data to “create and sell advertising and marketing analytics and models.”
Fitness apps, smart TVs and children’s games have all faced privacy and security scandals in recent years, as users and regulators begin to push back against companies hoovering up reams of personal data to sell to advertisers and other firms.
In the European Union, this has resulted in sweeping new privacy legislation, and there have been calls for US lawmakers to follow suit. Others, including Facebook co-founder Chris Hughes this week, have said that big tech needs to be broken up to protect users.