A European privacy advocacy group has accused TikTok of monitoring user activity on Grindr through a third-party tracking service, raising serious concerns about the handling of sensitive LGBTQ-related data under European Union privacy law.The allegations were filed Wednesday by None of Your Business, also known as noyb, a Vienna-based digital rights organization. The group submitted formal complaints to Austrias data protection authority against TikTok, Grindr and mobile analytics company AppsFlyer, claiming the companies violated the EUs General Data Protection Regulation, or GDPR, by tracking users across apps without proper consent.According to noyb, TikTok accessed information about a users activity on Grindr via AppsFlyer, a marketing analytics firm that helps companies track app installs and user behavior. The group said this type of cross-app tracking could expose highly sensitive personal data, including information related to sexual orientation, which is afforded special protections under GDPR.The complaint stems from a data-access request filed by a user, who later discovered that TikTok had obtained information about their use of multiple apps, including Grindr and LinkedIn, as well as details about a product added to an online shopping cart. Noyb said TikTok only disclosed this information after repeated inquiries, which it claims violates GDPRs transparency requirements.Telling people months later, and only after several follow-ups, that their sensitive data was accessed is not what the GDPR envisions, noyb said in a statement.The advocacy group alleges that TikTok used the collected data for purposes including personalized advertising, analytics and security. Under EU law, sensitive personal data, such as information that could reveal a persons sexual orientation, is subject to stricter limits because of the potential risk of discrimination, harassment or harm.Noyb argues that neither Grindr nor AppsFlyer had a legal basis to share such data with TikTok, and that AppsFlyer unlawfully facilitated the transfer. The group is calling on Austrian regulators to investigate the claims, order the companies to halt the alleged practices and impose fines if violations are confirmed.Representatives for TikTok, Grindr and AppsFlyer had not publicly responded to the allegations.The complaint adds to mounting scrutiny facing all three companies. TikTok, which is owned by Chinese tech firm ByteDance, was fined 530 million euros by Irelands Data Protection Commission in May over concerns related to international data transfers. Grindr, meanwhile, is currently facing a mass lawsuit in London brought by users who allege the app shared their HIV status with third parties without consent between 2018 and 2020.For LGBTQ advocates, the allegations underscore longstanding fears about how dating apps and social platforms handle sensitive user data. Grindr, in particular, has previously been criticized by privacy experts for its data practices, given the risks faced by queer people in hostile environments.Information about someones sexuality is not just another data point, privacy advocates have argued. In the wrong hands, it can be dangerous.If regulators determine that the alleged tracking violated GDPR, the companies involved could face significant penalties. Under the law, fines can reach up to 4 percent of a companys global annual revenue.The case now rests with Austrian authorities, who will determine whether to open a formal investigation. For millions of LGBTQ users across Europe and beyond, the outcome could have far-reaching implications for digital privacy, and for how safely queer people can exist online.Source