James Carr, an attorney representing Burrill, wrote to Grindr last month that his client was “publicly ‘outed’ as gay” as a result of his data being released, according to a copy of the letter.
“To have that decision forced out of your hands and into the public realm is reprehensible,” Carr told The Post on Saturday.
Burrill’s resignation made national headlines in July 2021, dividing Catholics and reflecting a shift in traditional church power dynamics, with some churchgoers now in positions to pressure bishops. It also shed light on the issues surrounding data privacy.
His resignation came around the same time that the Pillar, an online newsletter that covers the Catholic Church and that is not a defendant in the lawsuit, reported that it had collected information about Burrill from Grindr that showed he visited gay bars. The news site said it hired an independent firm to authenticate the information.
The USCCB asked Burrill to resign after it received his Grindr data from the Catholic Laity and Clergy for Renewal (CLCR), a Denver nonprofit organisation that aims to support churches, said Gregory Helmer, an attorney representing Burrill. A USCCB spokeswoman told The Post at the time that Burrill decided to resign after allegations of his “improper behaviour” were released.
Jayd Henricks, the president of the CLCR, wrote in an email to The Post on Saturday that the organisation retrieved Grindr data to help Catholic bishops “assist their priests and seminarians in living their priestly vows.” He denied sharing information with the Pillar, which has not revealed its source.
Grindr sold Burrill’s data from between 2017 and 2021 to companies and data vendors, the lawsuit said. Henricks wrote in religious journal First Things last year that the CLCR bought the “publicly available data” in an “ordinary way.” But Helmer hopes to learn in court where the organisation obtained the data.
“We want answers so we can use that as a warning to other Grindr users,” Helmer said.
In June 2022, Burrill’s bishop, William Callahan, appointed Burrill the parochial administrator of a parish in La Crosse, Wisconsin. But Burrill is still “trying to get back on his feet” after suffering from “shame and embarrassment,” Helmer said.
Last month, Carr asked Grindr to compensate Burrill $5 million. When Grindr didn’t agree, Carr said, Burrill filed a lawsuit on July 18, requesting damages and an order that would prevent the app from releasing users’ data without prior notice.
Chris Hoofnagle, the faculty director of the University of California at Berkeley’s Center for Law and Technology, said most people don’t read companies’ privacy policies, and even if they did, companies typically remain vague in their policies, such as saying they’ll “sometimes” share information about their users. Hoofnagle said some companies could find new customers by purchasing data from Grindr, such as a store that sells LGBTQ+ products.
“There’s this illusion of control when users put personal information into applications,” Hoofnagle said, “and the reality is that there are an unfathomable number of security breaches, many of which we never hear about because they’re undisclosed.”
Anton Dahbura, the executive director of Johns Hopkins University’s Information Security Institute, said the US government doesn’t have enough regulation over data privacy to halt many data sales. Even as some lawmakers are pushing for more protections, Dahbura said the problem is getting worse.
Burrill isn’t the first person to accuse Grindr of not protecting users’ privacy. A lawsuit filed in April alleged that the app shared users’ HIV statuses, and the company’s former chief privacy officer Ron De Jesus said last year that he was fired after he raised concerns about Grindr’s privacy.
