A top-ranking Catholic priest resigned earlier this week amid claims he frequented gay bars and used the gay dating app Grindr. The Pillar, a leading Catholic newsletter, released a full investigative report after accessing the mobile phone data of Monsignor Jeffrey Burrill — a top administrator for the US Conference of Catholic Bishops (USCCB). But the implications of this unregulated, standardized collection and sale of data go far beyond scandals within the Catholic Church.
Personal and Private Activity Up for Sale
When the Catholic newsgroup outed Jeffery Burrill, they did so by tracking his personal and private online activity — information that was publicly available and up for sale. The Pillar reported it obtained Burrill’s mobile phone history through a data vendor, a company that collects users’ app and location history after they consent to data collection. The company then aggregates that data together and typically sells it for marketing and advertising purposes.
But with the US’s lax laws concerning data usage, companies are largely unregulated in how they can use these vast amounts of user information. After this week’s events, we’ve seen proof that almost anyone can use this data to track the online lives of individual users.
The Catholic newsletter said that the data vendor didn’t provide user names, but assigned each mobile device a numerical identifier. According to The Pillar, it was able to correlate the vendor’s ID to Burrill’s device using timestamps, GPS coordinates and usage data.
User activity showed that the device was often used in Burrill’s home, office, during meetings he attended, and near family members’ homes. The data also showed that between 2018 – 2020 the device regularly used the gay dating app Grindr, and they were able to track the device to well-known gay bars and a prominent gay bathhouse in Las Vegas.
The Pillar said they contracted an independent data consulting firm to authenticate the findings.
Protect Yourself from Data Vendors
Though app usage and location tracking are generally used for advertising and marketing purposes, it seems that anyone with enough dedication could match a device to a person, and use their personal data with malicious intent. Cybercriminals could use personal online history to run smear campaigns or blackmail celebrities, politicians and business moguls, while tech-savvy cyberbullies could target the online habits of vulnerable teens.
Take steps to protect yourself from an invasion of privacy
- Check the privacy settings in your apps: Using dating apps as an example, there are options to turn off the “Show My Distance” option that allows users to see who’s nearby. These settings use GPS and location tracking. For a full rundown of how to protect your privacy while using Grindr, check out our full article here.
- Don’t consent to data collection: Anytime you get a pop-up asking if you’d like to agree to data collection for marketing purposes, opt-out. This will at least keep trackers from following your activity.
- Use a VPN: A Virtual Private Network (VPN) assigns you a random IP address from any of its countless servers across the globe, and creates a secured, encrypted tunnel for you to browse in. Since reliable VPNs provide no user logs, there is no record of your activity. Unfortunately, dating apps like Tinder and Grindr use GPS tracking, which naturally bypasses VPNs. If you’re concerned about privacy protection, read more about VPNs here.
Responses to the Investigative Report
Grindr called the report “unethical” and “homophobic” in statements to media and said that it didn’t “believe” it was the source of information. “The alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur,” a Grindr spokesperson said to the Washington Post in a statement. “There is absolutely no evidence supporting the allegations of improper data collection or usage related to the Grindr app as purported.”
Grindr does have privacy protection policies and settings in the app, but it’s on the user themselves to apply them.
Since homosexuality is considered a sin in Catholic doctrine, the USCCB moved swiftly to respond to the claims. The National Catholic Reporter obtained a memo from Los Angeles Archbishop José Gomez, reading: “On Monday, we became aware of impending media reports alleging possible improper behavior by Msgr. Burrill. What was shared with us did not include allegations of misconduct with minors. However, in order to avoid becoming a distraction to the operations and ongoing work of the Conference, Monsignor has resigned effective immediately.”
Shortly thereafter, the USCCB released a similar statement to media outlets.