JAKARTA - The privacy advocacy group None of Your Business (noyb) has filed a complaint against TikTok, Grindr, and analytics company AppsFlyer with the Austrian data protection authority. They accuse the three companies of violating EU privacy laws by tracking user activity across apps without consent.
In its complaint document, noyb said TikTok was suspected of monitoring a user's activity on the dating app Grindr through a third-party tracking service, AppsFlyer. The practice was considered risky for exposing sensitive data and violating the provisions of the General Data Protection Regulation (GDPR).
According to noyb, the findings were revealed after users submitted a data access request. From there it was learned that TikTok obtained sensitive information from other applications, including the use of Grindr, activity on LinkedIn, to products that had been put into the shopping cart.
TikTok only revealed the details after repeated requests, which it said were contrary to the transparency principles of the GDPR.
Noyb emphasized that the data was used by TikTok for personal advertising, analytics, and security purposes. However, the Vienna-based organization assessed that there was no valid legal basis for Grindr and AppsFlyer to share user data with TikTok, especially data related to sexual orientation which falls under the category of highly sensitive under the GDPR.
GDPR provides special protection for such data because it has the potential to trigger discrimination. On this basis, noyb asked the Austrian regulator to impose a fine and order a cessation of the practice of cross-application tracking without explicit consent.
As of this writing, representatives for TikTok, Grindr, and AppsFlyer have not provided official responses.
This case adds to a long list of highlights on TikTok's data management practices in Europe. In May 2025, Irish authorities fined TikTok 530 million euros (Rp10.3 trillion) related to concerns about transferring user data to China. Meanwhile, Grindr is also facing a class action lawsuit in London over alleged sharing of user HIV status to third parties without consent in the period 2018-2020.
This issue once again confirms that in the era of data economy, one click can be worth billions, but it also risks big legal risks if transparency and user consent are ignored.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
