Vienna, December 17, 2025 – A European privacy advocacy group, None of Your Business (noyb), has filed complaints with Austria’s data protection authority against TikTok, Grindr, and mobile analytics firm AppsFlyer, alleging that the companies violated the EU General Data Protection Regulation (GDPR) by tracking user activity across apps without consent.

The complaints claim that TikTok, owned by China’s ByteDance, monitored a user’s activity on Grindr, a popular LGBTQ+ dating app, via data collected by AppsFlyer. According to noyb, this practice resulted in the illegal sharing of sensitive personal information, potentially including sexual orientation, employment details from LinkedIn, and even items added to online shopping carts.

Allegations of GDPR Violations

Noyb stated that TikTok used cross-app tracking data for purposes including personalized advertising, analytics, and security without obtaining proper user consent. The organization claims that TikTok only disclosed the data to the user after repeated requests, failing to meet GDPR transparency requirements.

“Sensitive data such as sexual orientation requires special protection under GDPR, and neither AppsFlyer nor Grindr had legal grounds to share this user information with TikTok,” noyb said.

The privacy group has urged Austrian regulators to impose fines and mandate that the companies cease these tracking practices immediately.

Context and Previous Regulatory Actions

This complaint comes amid growing scrutiny of TikTok and other digital platforms over data privacy concerns in Europe. In May 2025, Ireland’s data protection authority fined TikTok 530 million euros over issues related to data transfers to China. Meanwhile, Grindr is facing a mass lawsuit in London from users alleging that their HIV status was shared with third parties without consent between 2018 and 2020.

AppsFlyer, a company known for providing mobile marketing analytics services, is alleged to have facilitated unauthorized transfers of user data between apps, raising concerns about the role of third-party analytics in privacy violations.

Implications for Digital Privacy

The case highlights ongoing tensions between user privacy and mobile advertising practices, especially concerning sensitive data such as sexual orientation, health, or other personally identifying information. Privacy experts warn that cross-app tracking without clear consent could lead to significant regulatory penalties under GDPR and may prompt further scrutiny of data-sharing practices among social media and mobile app platforms.

As regulators review the complaints, the outcome could influence European data privacy enforcement, potentially impacting not only TikTok and Grindr but the broader mobile app ecosystem that relies on third-party analytics for advertising and user engagement.