The council took action against some of the companies it examined, filing formal complaints with Norway's data protection authority against Grindr, Twitter-owned mobile app advertising platform MoPub and four ad tech companies. Grindr sent data including users' GPS location, age and gender to the other companies, the council said.
Twitter said it disabled Grindr's MoPub account and is investigating the issue "to understand the sufficiency of Grindr's consent mechanism."
Period tracker app MyDays and virtual makeup app Perfect 365 were also among the apps sharing personal data with ad services, the report said.
The U.S. doesn't have federal regulation like the GDPR, although some states, notably California, have enacted their own laws. Nine civil rights groups, including the American Civil Liberties Union of California, the Electronic Privacy Information Center, Public Citizen and U.S. PIRG sent a letter to the Federal Trade Commission, Congress and state attorneys general of California, Texas and Oregon asking them to investigate the apps named in the report.
"Congress should use the findings of the report as a road map for a new law that ensures that such flagrant violations of privacy found in the EU are not acceptable in the U.S.," the groups said in a statement.
The FTC confirmed it received the letter but declined to comment further. IAC, which owns Tinder and OkCupid, and creators of the MyDays, Perfect 365 and Grindr apps did not immediately respond to requests for comment.
- AP