Editorial: A church group’s persecution of gay priests illustrates how online privacy fails

St. Louis Post-Dispatch

March 16, 2023

By Editorial Board

A conservative Catholic organization spent millions of dollars to buy data that originated with gay dating apps in order to identify gay priests and out them to their bishops, according to an investigation by The Washington Post. In addition to the major implications for LGBTQ rights and the ideological rifts currently dividing the church, the episode raises fundamental questions about privacy in the internet age that should concern all Americans.

The Post used records and interviews to uncover how a group of conservative Catholics in Colorado established a nonprofit called Catholic Laity and Clergy for Renewal, and funded it with some $4 million. The money was used to buy tracking data from mobile apps like Grindr, a gay dating site. By matching user information and location data, the group was able to identify which of the apps’ users were priests — then shared that information with bishops around the country.

The church, like so many other longstanding institutions today, is currently struggling with internal ideological divisions, as conservative Catholics resist growing acceptance of the LGBTQ community both within the church and in society at large. Some who defend efforts to root out gay priests tie it to the church’s pedophilia scandals — an especially insidious comparison, as there is no scientific evidence that homosexuals are more likely to be pedophiles.

Apart from the specific issues of gay rights and church politics, these are the truly chilling details of how this group was able to identify individuals who use certain apps. Social media companies that sell their data en masse to advertisers strip out the names and other identifying information to avoid those very issues. By presenting this as a solid safeguard to protect privacy, they have avoided almost any governmental regulation of such sales.

As the newspaper discovered, however, there are ways around those safeguards. For example, the Catholic group obtained user data on ad exchanges, where ads and related information are bought and sold. Though the data doesn’t identify individual app users by name, the group was able to cross-reference the user accounts with location data from the apps to determine which accounts were on phones that were being used inside seminaries and other locations where priests live and work.

It isn’t difficult to imagine all the other ways in which this kind of process could be weaponized. Employers prying into the private lives of their employees, stalkers using technology to keep tabs on the social-media activities of their targets, even police who would rather not bother obtaining search warrants — the potential for abuse is almost limitless.

And yet, as one public-policy data expert told the newspaper: “The number of data privacy laws in the country, you can count them on one or two hands.” That must change.