Who Else Might Be “Looking”? Grindr and the Limitations of the PIPL and GDPR

Jack Kiehl*

Grindr collects large amounts of sensitive personal data on its users. In recent years, major privacy laws—notably, the European Union’s General Data Protection Regulation (GDPR) and China’s Personal Information Privacy Law (PIPL)—have attempted to constrain companies like Grindr from improperly handling user data. Grindr has been impacted by both laws: It faced a €5.65 million fine under the GDPR and, citing the PIPL’s regulatory burden, removed itself from Chinese app stores. Given striking similarities between Grindr’s data-handling requirements under both laws, Grindr’s withdrawal from China suggests additional factors contributed to the removal. The differences in Grindr’s responses reveal a gap between what privacy law is able to do and what companies are willing to do to protect users’ most intimate data. The limitations of privacy law underscore the need for legal reform and for privacy-centric design in order to minimize unnecessary risks to queer dating app users.

* Jack Kiehl received his J.D. from Columbia Law School in 2024. He thanks Professor Christopher Morten for his invaluable guidance and insight; Professors Anu Bradford and Benjamin Liebman; the CJTL editors and staff; and everyone who helped this Note take shape, including Jack Broitman, Justin Norris, and Benjamin Rodrigues.

Cali Sullivan