X

Top US Catholic church official resigns amid link to brokered cellphone data

The resignation raises concerns about cellphone data privacy.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
gettyimages-7698009231

A high-ranking priest resigns after a report that linked his cellphone to gay dating app Grindr.

Getty Images

A top official with the US Catholic church resigned after cellphone data obtained through a broker appeared to show he was a frequent user of the gay dating app Grindr, reigniting privacy concerns about who has access to consumers' digital records.

The US Conference of Catholic Bishops said in a memo Tuesday that Monsignor Jeffrey Burrill had resigned as its general secretary after the staff had learned on Monday of "impending media reports alleging possible improper behavior." The priest was responsible for coordinating all administrative matters for the organization.

News of Burrill's resignation, reported earlier by National Catholic Reporter, came after online Catholic news site The Pillar reported allegations of his behavior to the conference. On Tuesday, after Burrill's resignation was announced, Pillar reported that through a vendor it had obtained device location data that was allegedly collected via Grindr. The site then hired an independent data consulting firm to analyze the "commercially available" data.

Privacy experts have long voiced concern about the ease with which anonymized data can be used by data trackers to determine a person's identity based on the location, time and activity, all of which can be collected through permission granted when an app is installed.

Grindr's privacy policy bills the app as a "safe space" where users can "discover, navigate and interact with others in the Grindr Community." The site says it has shared a variety of personal data with ad partners in the past, including device IDs, device location, connection information, and user age and gender. The app ceased providing information about users' locations, age and gender in April 2020, according to the policy.

The data analyzed by The Pillar highlights the invasive threat posed by mobile data. Pillar said its analysis of app data "correlated" to Burrill's cellphone indicates he visited gay bars in several cities between 2018 and 2020, which includes a period before Grindr's policy changed.

Grindr criticized The Pillar's report as being "full of unsubstantiated innuendo."

"The alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur," a Grindr spokesperson said in a statement. "There is absolutely no evidence supporting the allegations of improper data collection or usage related to the Grindr app as purported."

A main concern of privacy experts involves a concept known as "device fingerprinting," in which a tracker looks for a unique and persistent way to identify a user, even when the data is supposed to be anonymous. 

Security researchers have also found that apps are collecting more data than users are led to believe. A report in 2019 found that more than 1,000 apps were taking data even after users denied them permissions, allowing them to gather precise geolocation data and phone identifiers.

It wasn't immediately clear how The Pillar obtained the data.

Burrill couldn't immediately be reached for comment. The USCCB didn't respond to requests for comment.