When Monsignor Jeffrey Burrill began using queer dating app Grindr in 2017, there was no indication that people outside of the app could access his data, according to a new lawsuit. If there had been, the lawsuit said, he never would’ve downloaded it.
After all, Burrill’s position as the top administrator of the U.S. Conference of Catholic Bishops (USCCB) required him to take a vow of celibacy, and Catholic teaching opposes sexual activity outside heterosexual marriage.
But in 2021, a Catholic media site reported that Burrill had been using the app, news that forced him to resign from his position, according to the lawsuit, which Burrill filed against Grindr last week in California Superior Court.
Burrill alleged that Grindr did not protect his data and inform him that vendors could access it, leading him to lose his job and suffer “significant damage” to his reputation.
Grindr did not respond to a request for comment from The Washington Post on Saturday morning, but a company spokesperson told Law360 that he “intends to respond vigorously to these allegations, which are based on mischaracterizations of practices relating to user data.”
James Carr, an attorney representing Burrill, wrote to Grindr last month that his client was “publicly ‘outed’ as gay” as a result of his data being released, according to a copy of the letter.
“To have that decision forced out of your hands and into the public realm is reprehensible,” Carr told The Post on Saturday.
Burrill’s resignation made national headlines in July 2021, dividing Catholics and reflecting a shift in traditional church power dynamics, with some churchgoers now in positions to pressure bishops. It also shed light on the issues surrounding data privacy.
His resignation came around the same time that the Pillar, an online newsletter that covers the Catholic Church and that is not a defendant in the lawsuit, reported that it had collected information about Burrill from Grindr that showed he visited gay bars. The news site said it hired an independent firm to authenticate the information.
The USCCB asked Burrill to resign after it received his Grindr data from the Catholic Laity and Clergy for Renewal (CLCR), a Denver nonprofit organization that aims to support churches, said Gregory Helmer, an attorney representing Burrill. A USCCB spokeswoman told The Post at the time that Burrill decided to resign after allegations of his “improper behavior” were released.
Jayd Henricks, the president of the CLCR, wrote in an email to The Post on Saturday that the organization retrieved Grindr data to help Catholic bishops “assist their priests and seminarians in living their priestly vows.” He denied sharing information with the Pillar, which has not revealed its source.
Grindr sold Burrill’s data from between 2017 and 2021 to companies and data vendors, the lawsuit said. Henricks wrote in religious journal First Things last year that the CLCR bought the “publicly available data” in an “ordinary way.” But Helmer hopes to learn in court where the organization obtained the data.
“We want answers so we can use that as a warning to other Grindr users,” Helmer said.
In June 2022, Burrill’s bishop, William Callahan, appointed Burrill the parochial administrator of a parish in La Crosse, Wis. But Burrill is still “trying to get back on his feet” after suffering from “shame and embarrassment,” Helmer said.
Last month, Carr asked Grindr to compensate Burrill $5 million. When Grindr didn’t agree, Carr said, Burrill filed a lawsuit on July 18, requesting damages and an order that would prevent the app from releasing users’ data without prior notice.
Chris Hoofnagle, the faculty director of the University of California at Berkeley’s Center for Law and Technology, said most people don’t read companies’ privacy policies, and even if they did, companies typically remain vague in their policies, such as saying they’ll “sometimes” share information about their users. Hoofnagle said some companies could find new customers by purchasing data from Grindr, such as a store that sells LGBTQ+ products.
“There’s this illusion of control when users put personal information into applications,” Hoofnagle said, “and the reality is that there are an unfathomable number of security breaches, many of which we never hear about because they’re undisclosed.”
Anton Dahbura, the executive director of Johns Hopkins University’s Information Security Institute, said the U.S. government doesn’t have enough regulation over data privacy to halt many data sales. Even as some lawmakers are pushing for more protections, Dahbura said the problem is getting worse.
Burrill isn’t the first person to accuse Grindr of not protecting users’ privacy. A lawsuit filed in April alleged that the app shared users’ HIV statuses, and the company’s former chief privacy officer Ron De Jesus said last year that he was fired after he raised concerns about Grindr’s privacy.