Catholic Group Bought App Data to Track Priests
Accountability and Privacy in the Church in the Age of Surveillance Capitalism
In July, 2021, the Catholic news site The Pillar ran an exposé alleging that Msgr. Jeffrey Burrill, at the time the general secretary of the United States Conference of Bishops (USCCB), had used the gay hookup app Grindr and “engaged in serial sexual misconduct.” The allegations were based on location data drawn from the app, provided to The Pillar by an anonymous source. The report garnered a great deal of attention because it raised ethical questions, not just regarding clerical conduct, but also journalistic ethics and digital privacy (the case was covered pretty extensively by tech journalists, for example here and here).
At the time, I wrote two essays on the matter at the Catholic Moral Theology blog, the first analyzing the facts of the case, both known and unknown, with a focus on how the collection of data from apps works; and the second looking at the ethical issues involved, particularly focusing on the collection, sale, and use of digital data.
This past Thursday, a Washington Post article (subscription required) by Michelle Boorstein and Heather Kelly provided new details on the case. Most importantly, the story revealed The Pillar’s sources and their intentions:
“The secretive effort [to buy mobile app tracking data that identified priests who used gay dating and hookup apps and then share it with bishops] was the work of a Denver nonprofit called Catholic Laity and Clergy for Renewal, whose trustees are philanthropists Mark Bauman, John Martin and Tim Reichert . . . ,” and whose president is Jayd Henricks. The organization is funded in part by the philanthropists, but also by the Catholic Foundation of Northern Colorado, indirectly linking it to the Archdiocese of Denver.
According to reports produced by Catholic Laity and Clergy for Renewal (CLCR) and sources contacted by the Post, the group’s goal is to collect data on priests’ behavior and present it to bishops. In addition, “According to one of the people familiar with the project and the audio tape, the philanthropists, Henricks and church officials have varying views about how best to use the data. Some wanted to out the men, like Burrill, believed to have the apps on their phones, the person said. Others want to use data to work behind the scenes, to monitor the men, perhaps confronting them without saying how their app use was known, or maybe keeping such men from rising in their careers, the person said.”
The story also provides further details on aspects of the story that were not included in The Pillar’s initial reporting but that were revealed later on, and so may not be familiar to everyone who followed the original story.
The data involved was GPS location data collected by Grindr and other apps, not data provided to the app by the users.
The individuals associated with CLCR purchased the data from a “data broker,” a third party that purchases and bundles personal data collected from apps and web sites, spending at least $4 million on the data.
The group purchased the personal data of, presumably, millions of app users, most of whom have no connection to the Catholic Church.
To identify specific priests among such a large amount of anonymous data, those involved focused on specific locations like the USCCB office in Washington, DC or a parish rectory, identified users that frequented those locations, and then traced those users’ movements to de-anonymize them.
What do these new details mean for the ethical issues involved in this case, and what are the implications for ministry today?
Digital Privacy
Regarding journalistic ethics, Paul Moses of Commonweal provided a good summary of the ethical issues involved in this case back in 2021, and I don’t think anything has changed since then. Most importantly, the journalists responsible for the story, J.D. Flynn and Ed Condon, because they were drawing exclusively on location data, did not establish how Burrill had actually used the Grindr app, or whether he had engaged in any kind of sexual misconduct. When it comes to digital privacy, I covered many of the ethical issues involved in great detail in the posts linked above, so here I will try to briefly outline the main arguments.
Injustices are endemic to the mechanisms in place for the collection and sale of personal data derived from web sites and apps in the United States. In theological language, these mechanisms are “structures of sin.” This does not mean, however, that the collection and sale of personal data are per se sinful. Rather, the abuse of individual consent in collecting data and the lack of safeguards on how data is used once it is collected and sold make this process a structure of sin, and as a consequence different types of participation in the process are more or less sinful.
In other contexts such as labor relations and international trade, Catholic social teaching has insisted that justice requires more than consent, and the same is true for digital privacy. Current privacy law in the U.S. regarding data is based on user consent, but there are a number of factors that make privacy agreements potentially unjust despite user consent. In the Washington Post, the individuals associated with CLCR defend their activities by insisting that they were “meticulous” regarding data and privacy laws. The behavior of the priests whose data was collected was also legal and consensual, however, and yet CLCR found the behavior morally objectionable enough that they intended to use this data to potentially ruin the latter’s careers. There are higher ethical standards than legality and consent when dealing with people’s personal data, just as there in sexual matters, and so meticulous regard for the law is no guarantee of moral rightness.
One abuse of consent is the the problem of “clickwrap,” the lengthy terms of service (ToS) to which one consents when using an app or web site. These ToS are designed not to be read. One study concluded that to actually read the ToS for web sites would take up over half the time spent online and would cost more in lost time than the cost of internet service. If an app sells personal data to third parties, the ToS will stipulate that by consenting, the user is also consenting to the ToS of those third parties, and by extension any parties to whom they may sell the data, which typically number in the thousands. It would be impossible for any user to reasonably know to whom their data will be provided or how it will be used.
These ToS are also misleading. Often they will say that no “personally-identifying information” is shared with third parties, but the user is probably unaware that this is a legal term referring only to names, Social Security numbers, and email addresses. It does not include other information, such as your location, the IP address of your home internet network, and browsing history, that could be used to identify you.
The ethical standard for digital privacy should be based on what a person could reasonably expect they are consenting to. For example: “By consenting to these ToS, did the user have a reasonable expectation a specific type of data would be provided to a third party and used in a specific way?” I think it is fair to say that by consenting to the ToS of a dating app, priests did not have a reasonable expectation that they were consenting to CLCR tracking their locations and providing that information to their local ordinary (which is not the same thing as saying they have a reasonable expectation of secrecy vis-à-vis their ordinary, much less that they should be using the apps in the first place!).
In addition, in the United States, apps and third parties that obtain data from them are not required to track how that data is used by the parties to whom they sell the data. As I noted in 2021, as a result, data has been sold to unsavory characters like bounty hunters and stalkers without legal repercussions.
I think the new Washington Post reporting makes more apparent two ethical problems that were not entirely clear at the time:
One might have got the impression from The Pillar’s initial reporting that data was collected on specific priests based on some reasonable suspicion of wrong doing, but now it is clear that this was a massive fishing expedition exposing millions of people’s location data and other personal data to individuals who have shown a willingness to de-anonymize that data, track people’s movements, and share the information publicly.
According to the Washington Post, the individuals involved spent at least $4 million on these efforts. Even if exposing priests’ sexual misdeeds to their bishops were a worthy cause, that is an enormous sum of money that could have been put to other purposes, especially when you consider how inconclusive the results actually were. And as Dawn Eden Goldstein, who has done invaluable work tracking the nexus between wealthy Catholic donors and the digital data business, points out, by forking over such a huge sum to a data broker that in turn pays Grindr and similar apps for their data, these individuals are indirectly funding the very apps they find morally objectionable!
Pastoral Implications
I want to close this already long post with some thoughts on what this all means for the Church and its ministry. As I have noted elsewhere, the widespread collection of personal data through digital means will require Christians to balance the values of accountability (or transparency) and privacy. Unfortunately, historically speaking, the Catholic Church does not have a great track record for either one.
CLCR and other groups are motivated by the desire to hold the leadership of the Church accountable, for their own behavior and for the impact their decisions have on the lay faithful. The clergy sexual abuse scandal brought home for many Catholics the need for accountability and exposed the ways that bishops and other clergy had kept secret the misconduct of priests and used notions like “scandal” to defend it. In that light, any attempt to protect the privacy of a priest or bishop when apparent misconduct is involved can hearken back to these defenses of the indefensible. I think that is a serious concern, but I also think that the overzealous pursuit of transparency can lead to its own types of sins, and so there need to be limiting principles on when it is permissible to seek out and expose information on other people’s conduct. To flesh this out, I would ask three questions:
What kind of personal misconduct does the Church have a right to publicly know about?
How is information about personal misconduct obtained?
Whose personal misconduct does the Church have a right to publicly know about?
In 2021, Gabriel Blanchard wrote at Patheos:
And I feel sorry for Msgr. Burrill. Because here’s the thing. There are two possible versions of him, and we don’t know which one he is (or rather, there’s a range of possible versions, and I’m about to describe two possible extremes). Version A: he was a rank hypocrite who lied about his sexuality on his seminary application, never even meant his vows, and didn’t care who he was letting down. He just wanted a good dirty f***, and was willing to work for the Church to pass the time and keep himself comfy.
Version B: he didn’t fully grasp that he was gay until he’d already been a priest for years. He wanted to serve God and his Church, but had no adult way to process his till-now repressed sexuality and no one safe to talk to about it; a scary experiment turned into an urge, then an addiction. He knew he should resign, but he’d already put all his professional eggs into the clerical basket—he’d end up jobless and homeless in a single stroke.
One might even add a Version C, like Version B except that Burrill’s [or whoever’s] activity never went beyond the “scary experiment” of one or two sexual encounters. The point is, human behavior, and human sinfulness, is complicated. That sort of complexity can’t be picked up using app data, but having a grasp of it is necessary for making decisions about who has a right to know about personal misconduct and what the consequences for that conduct should be. Some conduct has a clear public dimension, like sexual abuse, and so there should be public transparency and public consequences such as removal from public ministry. Flagrant and repeated misconduct, like Blanchard’s Version A, is also a public scandal and should have serious consequences. Other conduct, like my Version C above, might be better dealt with in private through the prudential ministering of a bishop or other person in leadership, depending on the circumstances.
Also, even in cases where the public has an interest in knowing about a priest’s misconduct, it still matters how the information is obtained. For example, it would be wrong to break into a priest’s residence to browse through their computer hoping to find something damning or salacious. It would be wrong to eavesdrop on sacramental confessions. I use these extreme examples to show why the ethics of how the data was obtained by CLCR is so important, regardless of its legality. The Washington Post cites Rev. Gerald Murray, a canon lawyer for the Archdiocese of New York, as arguing that the use of personal data to expose Msgr. Burrill was “a very good thing” because “The promise of celibacy is a public act, it’s not a private commitment. It’s of public interest when those are violated in a scandalous way.” The problem, however, is that Msgr. Burrill’s privacy was violated before it became known that he had engaged in scandalous behavior; as I noted earlier, this was a massive fishing expedition. It’s not at all clear that, just because celibacy is a public act, that priests lose their right to privacy before evidence of misconduct is available, which is really what Fr. Murray is arguing here. After all, Fr. Murray did not hand over his phone to the Washington Post reporters or volunteer his browser history.
The Pillar justified its publication of the information on Msgr. Burrill by referring to his position at the USCCB, and in particular his oversight role regarding the sexual abuse scandal. Others have argued that priests in general should be held to a higher standard than lay people. In the post-Vatican II Church, however, lay people also hold positions of responsibility, from the local parish up to the Vatican, and so to me it is not so clear that transparency should be something exclusively, or even primarily, expected of clergy. After all, the app data and browser history of a millionaire with the ear of the local ordinary and who donates hundreds of thousands of dollars to the diocese and other local Catholic organizations is probably more publicly relevant to the Church than that of a seminarian. So whatever transparency standards we adopt, they ought to include lay people, or at least those in positions of authority or influence (and likewise they should have the same rights to privacy).
As that example illustrates, one last issue that this story raises is the influence that wealthy Catholics have over the Church and the extent they are held accountable for that influence. A lot of attention, for example, has been given to The Napa Institute and its wealthy donors, and the influence they have on the Church in the United States. Although for the most part these donors have good intentions for the Church, it is also undeniable that they often have specific agendas or priorities that may not best reflect the needs of the whole Church or that may neglect certain aspects of the Gospel (for example). There is very little to hold these donors, or bishops influenced by them, accountable, or to ensure that they don’t have an outsized voice in a Church that is, after all, supposed to have a preferential option for the poor (Pope John Paul II, Sollicitudo Rei Socialis, no. 42).
The case of Msgr. Burrill introduces a new way that wealthy Catholics can influence the Church. With enough money, you can buy the personal data of millions of people and use that data to influence the Church with very little accountability. In this case, the individuals have obtained location data for millions of individuals and have shown an intent to use that data to impact people’s lives. CLCR also chose to do so in secret, to avoid accountability. As another example, in 2018, former Trump White House adviser Steve Bannon worked with the organization CatholicVote to use location data to identify individuals who attended Catholic churches in Iowa and target them for pro-Tump ads during that year’s congressional elections.
The nondenominational prayer app Pray.com collects users’ data, including specific types of prayers accessed by users, such as prayers for improving a marriage, dealing with financial difficulties, or addressing anger problems. It is not hard to think of how this data could be used for manipulative, as well as benign, purposes. The Catholic prayer app Hallow, funded by Peter Thiel, Senator J.D. Vance, and other venture capitalists, collects similar data, but according to its privacy policy does not provide that data to third parties. Hallow’s privacy policy is actually fairly simple to read and addresses many of the ethical problems outlined earlier, a small but hopeful sign of how Catholic organizations can be sensible about privacy. It’s clearly past time for dioceses and parishes, and the Church as a whole, to also think sensibly about how to balance accountability in the Church with respect for privacy.
Let me know what you think about all of this in the comments. Respectful disagreements welcome, if you have them!
Coming Up…
Here are a few of the topics to expect in upcoming posts to Window Light:
The second half of my reflections on the hermeneutics of Vatican II, or rather, what happened before Vatican II (see here for the first half).
At the end of this week, I will be attending the Francis at 10 Conference at St. Ambrose University in Davenport, Iowa. Keynote speakers include Papal Nuncio Archbishop Christophe Pierre, Cardinal Joseph Tobin of Newark, journalist Austen Ivereigh, theologians Phyllis Zagano and Massimo Faggioli, economist Anthony Annett, and Kerry Robinson of the Leadership Roundtable. I will hopefully write about the conference next week.
In its ethics newsletter HCEUSA, the Catholic Health Association published an essay arguing that Catholic healthcare institutions do not need DEI programs, and in fact such initiatives are harmful to Catholic identity. I hope to respond to this essay, which touches on a topic very relevant not just to Catholic healthcare institutions, but all kinds of Catholic organizations, including parishes and diocesan offices. (Thank you to M. Therese Lysaught for pointing out this essay!)