Grindr Faces NOK 65-Million Fine in Norway Over Privacy Breach

Grindr didn't comply with the EU’s tough data protection regulations, Norwegian Data Protection Authority said.

Grindr Faces NOK 65-Million Fine in Norway Over Privacy Breach

The complaint alleged Grindr shared sensitive data like locations, ages, gender with third parties

Highlights
  • Norway's Consumer Council filed a complaint against Grindr in 2020
  • The fine is the highest so far by Norway's Data Protection Authority
  • Grindr says it is considering appealing the Norwegian watchdog's fine

Norway's data privacy watchdog on Wednesday fined dating app Grindr NOK 65 million (roughly Rs. 55 crore) for sending sensitive personal data to hundreds of potential advertising partners without users' consent — a breach of strict European Union privacy rules.

The Norwegian Data Protection Authority said it imposed its highest fine to date because the California-based company didn't comply with the EU's tough data protection regulations. Norway isn't a member of the 27-nation bloc but closely mirrors EU rules.

Grindr said the agency's findings related to consent policies from years ago, not its current practices, and that it is considering its next steps, including an appeal.

The data watchdog “relies on a series of flawed findings, introduces many untested legal perspectives, and the proposed fine is therefore still entirely out of proportion with those flawed findings," said Grindr's chief privacy officer, Shane Wiley.

In 2020, Norway's Consumer Council filed a complaint against Grindr for disclosing information about its users, including GPS locations, IP addresses, ages, gender and their use of the app, to several third parties for marketing purposes. That allowed users to be identified and third parties to potentially share personal information further.

The data privacy watchdog said users “were forced to accept the privacy policy in its entirety to use the app” and were not asked specifically if they wanted to allow their data to be shared with third parties “for behavioural advertisement.”

“Furthermore, the information about the sharing of personal data was not properly communicated to users," contrary to EU requirements for “valid consent,” the agency said.

The Consumer Council's director of digital policy, Finn Myrstad, said the decision by the Data Protection Authority “sends a strong signal to all companies involved in commercial surveillance.”

Ala Krinickyte with the nonprofit European Center for Digital Rights said "it is astonishing that the DPA has to convince Grindr that its users are LGBT+ and that this fact is not a commodity to be bartered.”

Grindr said in a statement that “protecting users' interests and ensuring that we put them in control of their personal data have always been our top priorities."

“We have also been proactive in adopting industry-leading privacy positions and tools, like detailed consent flows, granular user privacy controls, and ‘just-in-time' app notifications," Wiley said.


Why does Redmi refresh its phones so soon? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

OnePlus Nord 2 CE 5G India Launch Tipped for the First Quarter of 2022
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.