Dating network Grindr has been slapped with a €6.3 million fine by Norwegian regulator Datatilsynet for sharing data with advertisers without consent from users.
The fine, levied on December 13, comes after Datatilsynet filed a complaint against Grindr in 2020, arguing that the service was sharing user data with third-parties without consent. The data includes GPS, IP address, age, and gender.
According to Tobias Judin, who leads Norway’s Data Protection Authority, users had to accept Grindr’s data terms to access the app, making proper consent impossible.
Grindr data privacy
Datatilsynet had initially fined Grindr around €10 million following an initial ruling in January 2021, but later revised this amount down after reviewing Grindr’s turnover figures. Despite reconsidering the amount, Norway considers the offence by Grindr to be “grave” - most likely because the data collected, including gender, falls under the EU’s GDPR rules.
Finn Myrstad, who leads the organisation responsible for the original complaint, told Politico that the fine “sends a strong signal to all companies involved in commercial surveillance. There are serious repercussions to sharing personal data without a legal basis. We call for the digital advertising industry to make fundamental changes to respect consumers’ rights.”
In a statement, Grindr strongly pushed back: “We strongly disagree with Datatilsynet’s reasoning, which concerns historical consent practices from years ago, not our current consent practices or Privacy Policy. Even though Datatilsynet has lowered the fine compared to their earlier letter, Datatilsynet relies on a series of flawed findings, introduces many untested legal perspectives, and the proposed fine is therefore still entirely out of proportion with those flawed findings.”
Grindr has three weeks to launch a formal appeal of the decision.
- Keep your data safe online with the best ID theft protection tools
