Norway’s data privacy watchdog on Wednesday fined gay dating app Grindr 65 million kroner ($7.16 million) for sending sensitive personal data to hundreds of potential advertising partners without users’ consent — a breach of strict European Union privacy rules.
The Norwegian Data Protection Authority said it imposed its highest fine to date because the California-based company didn’t comply with the EU’s tough data protection regulations. Norway isn’t a member of the 27-nation bloc but closely mirrors the rules of the European Union.
In 2020, Norway’s Consumer Council filed a complaint against Grindr for disclosing information about its users, including GPS locations, IP addresses, ages, gender and their use of the app, to several third parties for marketing purposes. That allowed users to be identified and third parties to potentially share personal information further.
“Furthermore, the information about the sharing of personal data was not properly communicated to users,” contrary to EU requirements for “valid consent,” the agency said.
Grindr didn’t immediately respond to an email seeking comment on the fine.
The Consumer Council’s director of digital policy, Finn Myrstad, said the data protection agency’s decision “sends a strong signal to all companies involved in commercial surveillance.”
Ala Krinickyte with the nonprofit European Center for Digital Rights said “it is astonishing that the DPA has to convince Grindr that its users are LGBT+ and that this fact is not a commodity to be bartered.”