Location Data Leak Leads To Top Church Official Resignation

Last week, Monsignor Jeffrey Burrill, a top official in the Roman Catholic Church’s American hierarchy resigned after data from his cellphone showed that he had been using Grindr, an L.G.B.T.Q dating app, and regularly visiting gay bars. In a memo, The U.S. Conference of Catholic Bishops said that Burrill has resigned as general secretary, the position responsible for coordinating all administrative matters for the organization due to “impending media reports alleging possible improper behavior.” 

The Pillar, an online Catholic news site, reported Burrill to the conference. Burrill’s cell phone location data had been accessed through a vendor after reportedly being collected via the Grindr app. The Pillar reported hiring an independent data consulting firm to analyze the data, finding that Burrill’s cellphone visited gay bars in several cities between 2018 and 2020. Grindr’s privacy policy changed in April 2020 after announcing they had  shared users’ personal data including device ID and location, age, and gender with ad partners. This is a common occurrence in America. Data is packaged in bulk and allegedly anonymous but can often be traced back to the individual as seen with Burrill. 

A Grindr spokesperson stated “The alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur. There is absolutely no evidence supporting the allegations of improper data collection or usage related to the Grindr app as purported.”

There are no federal laws that limit the collection, use, or analysis of location data. However, The Pillar’s use of Burrill’s location and cell phone data can be seen as invasive and something privacy experts have expressed concern about for a while. It poses the pertinent privacy question and concern about who should have access to consumers’ digital records and mobile data. A security research report in 2019 found that more than 1,000 apps were collecting geolocation data despite the user opting out and denying permission after simply installation on the user’s device.

There are varying opinions on this topic but an important takeaway is that data is not as private as some are led to believe.