Grindr’s record $6 million data-sharing fine upheld

Grindr will have to dig into its coffers as the Norwegian Privacy Appeals Board upheld its NOK 65 million ($6.12 million) fine over the app sharing user data with third parties.

The decision to slap Grindr with a multi-million-dollar fine ends a three-year dispute between Grindr and the Norwegian Consumer Council (NCC). In 2020, the Council complained that Grindr collects and shares personal user data with thousands of companies that provide targeted advertising services.

The data which Grindr shared between July 2018 and April 2020 included GPS location, IP address, the mobile phone’s advertising ID, age, and gender. Another layer of sensitivity comes with the fact that Grindr’s user base primarily subscribes to the “LGBTQ lifestyle.”

In 2021, NCC decided that Grindr’s data privacy practices violated the General Data Protection Regulation (GDPR), a European Union privacy law. While Norway is not a member of the EU, it is a member of the European Economic Area (EEA) and is bound by GDPR in the same manner as EU members.

Grindr appealed the decision in 2022, and the case was sent to Personvernnemnda, which decided to uphold the original decision.

“We are very satisfied that the Personal Protection Board agrees with our conclusions and has upheld our decision. This has been an important and prioritized matter for the Norwegian Data Protection Authority and not least for consumers’ privacy,” Line Coll, director of the Norwegian Data Protection Authority (NDPA), said.

The Board agreed with the NDPA’s original decision that user consent for Grindr to share personal data was “neither voluntary, specific, nor informed.” Users were not given a free choice to consent to the disclosure of personal data during registration for the app.

The NOK 65 million ($6.12 million) fine is the highest Norway’s privacy watchdog has ever imposed. The officials reason that thousands of users in Norway had their personal data illegally disclosed to an unknown number of companies.

“The Board also points out that it is a deliberate act where one has deliberately chosen a technical solution that does not make it possible to register without at the same time “approving” the disclosure of information for use in behavior-based marketing,” Norwegian authorities said.

The Board’s decision cannot be further appealed, but Grindr could sue the court over the validity of the ruling.

More from Cybernews:

DarkBeam leaks billions of email and password combinations

China’s chamber asks US to “carefully consider” tech investment ban

MOVEit maker warns of new critical bug affecting thousands

Dozens of Mullvad VPN accounts discovered on the dark web

Researchers extract audio from still images and silent videos

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked