Last week, The Washington Post did a deep dive on how a publication used “commercially available” mobile data to out a Catholic priest as a Grindr user and visitor of a gay bar, ultimately forcing him to resign. Some of this data was sourced from Grindr; a Grindr spokesperson told the Post that “[the] company stopped sharing location information in early 2020. The company says it only shares limited information with ad partners now.”

But this begs the question: Why was Grindr sharing granular information in the first place? (Also, remember when Grindr had to pay a $7 million GDPR fine for sharing this data without users’ consent?) Location data in particular is incredibly risky and difficult to anonymize, as I’ve written about previously.

Marketers are accustomed to sharing data freely with agency, adtech, and martech partners, usually under the guise of granular targeting, personalization, and measurement. As an industry, it is long overdue that we reconsider the assumption that more is better. Our feeble privacy considerations and failure to evaluate the ethics of data sharing can cause real-world harm.

Consider how many healthcare companies have been caught sharing patient data with advertisers — and this is just in the last six weeks. The US Federal Trade Commission (FTC) fined GoodRx for sharing data on patients’ health conditions and prescription drugs and BetterHelp for sharing data on patients’ mental health needs. More recently, Cerebral admitted that it shared patients’ mental health assessments with advertisers. And if you think that this is a US-specific problem, think again: The Austrian data protection authority ruled today that Facebook’s tracking pixel violates the GDPR.

Zack Whittaker, editor at TechCrunch, summed up my feelings best with this draft headline:

A social media post from Zack Whittaker: "My preferred headline." Screenshot of TechCrunch's website says: "Telehealth startup Cerebral was allowed to legally collect and share millions of patients' data with advertisers because the US still doesn't have data protection or privacy laws"
(Source: Mastodon)

Marketing’s data-driven mantra established data sharing as a norm (and often a requirement), but data sharing comes with risks. Beyond the FTC investigations already noted, many companies also face classaction lawsuits over their data sharing practices, not to mention the hit to their reputations and subsequent impact on acquiring new customers.

Marketers must vet their data sharing practices and whether they align with customers’ expectations. Consumers are increasingly privacy-aware, and marketers must take care to treat their data responsibly. In light of all these headlines, I’ve teamed up with my colleague Alla Valente to research how marketing and privacy and security teams should work together to protect customers and protect the brand. If you’re interested in participating in the research, please reach out!