A top official with the US Catholic church resigned after cellphone data obtained through a broker appeared to show he was a frequent user of the gay dating app Grindr, reigniting privacy concerns about who has access to consumers' digital records.
The US Conference of Catholic Bishops said in a memo Tuesday that Monsignor Jeffrey Burrill had resigned as its general secretary after the staff had learned on Monday of "impending media reports alleging possible improper behavior." The priest was responsible for coordinating all administrative matters for the organization.
News of Burrill's resignation, reported earlier by National Catholic Reporter, came after online Catholic news site The Pillar reported allegations of his behavior to the conference. On Tuesday, after Burrill's resignation was announced, Pillar reported that through a vendor it had obtained device location data that was allegedly collected via Grindr. The site then hired an independent data consulting firm to analyze the "commercially available" data.
Privacy experts have long voiced concern about the ease with which anonymized data can be used by data trackers to determine a person's identity based on the location, time and activity, all of which can be collected through permission granted when an app is installed.
The data analyzed by The Pillar highlights the invasive threat posed by mobile data. Pillar said its analysis of app data "correlated" to Burrill's cellphone indicates he visited gay bars in several cities between 2018 and 2020, which includes a period before Grindr's policy changed.
Grindr criticized The Pillar's report as being "full of unsubstantiated innuendo."
"The alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur," a Grindr spokesperson said in a statement. "There is absolutely no evidence supporting the allegations of improper data collection or usage related to the Grindr app as purported."
A main concern of privacy experts involves a concept known as "device fingerprinting," in which a tracker looks for a unique and persistent way to identify a user, even when the data is supposed to be anonymous.
Security researchers have also found that apps are collecting more data than users are led to believe. A report in 2019 found that more than 1,000 apps were taking data even after users denied them permissions, allowing them to gather precise geolocation data and phone identifiers.
It wasn't immediately clear how The Pillar obtained the data.
Burrill couldn't immediately be reached for comment. The USCCB didn't respond to requests for comment.