Top US Catholic church official resigns amid link to brokered cellphone data – CNET [CNET]

A top official with the US Catholic church resigned after cellphone data obtained through a broker appeared to show he was a frequent user of the gay dating app Grindr, reigniting privacy concerns about who has access to consumers’ digital data.

The US Conference of Catholic Bishops said in a memo Tuesday that Monsignor Jeffrey Burrill had resigned as its general secretary after the staff had learned on Monday of “impending media reports alleging possible improper behavior.” The priest was responsible for coordinating all administrative matters for the organization.

News of Burrill’s resignation, reported earlier by National Catholic Reporter, came after online Catholic news site The Pillar reported allegations of his behavior to the conference. On Tuesday, after Burrill’s resignation was announced, Pillar reported that it had obtained device location data from a data vendor that was allegedly collected through Grindr. It then hired an independent data consulting firm to analyze it.

Privacy experts have long voiced concern about the ease at which anonymized data can be used by data trackers to determine a person’s identity based on the location, time and activity, all of which can be collected through permission granted when the app is downloaded.

Grindr’s privacy policy bills the app as a “safe space” where users can “discover, navigate and interact with others in the Grindr Community.” The site says it has shared a variety of personal data with ad partners in the past, including device IDs, device location, connection information, and the user’s age and gender. It goes on to say it ceased providing information about users’ locations, age and gender in April 2020.

The data captured by The Pillar analyzed highlights the invasive threat posed by mobile data. Pillar said its analysis of the app data “correlated” to Burrill’s cellphone shows he visited gay bars in several cities between 2018 and 2020 while using the app, including while on business for the organization.

A main concern of privacy experts involves a concept known as “device fingerprinting,” in which a tracker looks for a unique and persistent way to identify a user, even when the data is supposed to be anonymous. 

Security researchers have also found that apps are collecting more data than users are led to believe. A report in 2019 found that more than 1,000 apps were taking data even after users denied them permissions, allowing them to gather precise geolocation data and phone identifiers.

It wasn’t immediately clear how The Pillar obtained the data.

Burrill couldn’t immediately be reached for comment. Grindr and the USCCB didn’t respond to requests for comment.