Norway’s data protection watchdog has fined gay dating app Grindr more than €6 million for breaking privacy rules.
Grindr was found to have shared users’ personal data – without their permission – with hundreds of potential advertising partners.
The app had breached strict European Union privacy rules that Norway mirrors, the watchdog said in a statement on Wednesday.
Grindr has been fined 65 million kroner (€6.35 million) – a record for the country’s data privacy authority.
Norway had announced in January that it intended to fine Grindr more than €9 million — or around 10% of its global turnover — for data privacy breaches.
In 2020, the Norwegian Consumer Council had first filed a complaint against Grindr, saying the app had illegally shared users’ GPS locations, IP addresses, ages, gender, and their use of the app.
The personal information had been sent to several third parties for marketing purposes without users’ permission, the council claimed.
On Wednesday, the data privacy watchdog agreed and said users “were forced to accept the privacy policy in its entirety to use the app”.
Grindr users were not asked specifically if they wanted to allow their data to be shared with third parties “for behavioral advertisement,” the authority added.
“Furthermore, the information about the sharing of personal data was not properly communicated to users.”
Grindr has not responded to the fine and now has three weeks to appeal the verdict. The app has previously stated that the offenses were committed before April 2020, when its terms of use were updated.
The Consumer Council’s director of digital policy, Finn Myrstad, said the data protection agency’s decision “sends a strong signal to all companies involved in commercial surveillance.”
“It is astonishing that the DPA has to convince Grindr that its users are LGBT+ and that this fact is not a commodity to be bartered,” added Ala Krinickyte, from European Center for Digital Rights.