Norway’s Data Protection Authority said on Tuesday it plans to fine dating app Grindr 100 million Norwegian crowns ($11.7 million) for what the regulator said was illegal disclosure of user data to advertising firms.
U.S.-based Grindr, which describes itself as the world’s largest social networking app for gay, bisexual, transgender and queer people, did not immediately respond to an e-mailed request for comment.
“Our preliminary conclusion is that the breaches are very severe,” the Norwegian agency said in a statement announcing what it said was a record fine corresponding to around 10% of Grindr’s estimated global annual revenue.
Grindr has until Feb. 15 to respond to the claims, after which the Data Protection Authority will make its final decision in the case, the agency said.
Europe’s General Data Protection Regulation (GDPR) sets guidelines for the collection, processing and sharing of personal information in the European Union as well as in non-EU Norway.
The Norwegian Consumer Council (NCC), a watchdog, said in a January 2020 report that Grindr shared detailed user data with third parties involved in advertising and profiling, such as a user’s IP address, advertising ID, GPS location, age and gender.
In some cases, widespread sharing of personal data can become a matter of physical safety if users are located and targeted in countries where homosexuality is illegal, the NCC said at the time.
In a statement on Tuesday, the NCC hailed the decision to fine Grindr as a historic victory for privacy.
(Reporting by Gwladys Fouche and Terje Solsvik; Editing by Stephen Coates)