Grindr ordered to pay millions for sharing user data

A Norwegian court ordered the dating app Grindr to pay a long-disputed fine over the company’s practice of sharing sensitive user data with advertisers.

The 65 million Norwegian krone ($6 million) fine was slapped after the Norwegian Consumer Council (NCC) discovered how Grindr shares sensitive data with companies that provide target advertising services.

“The collection, sharing and use of personal data for commercial purposes is out of control – and is finally being cracked down on. We are satisfied that the court clearly affirms that Grindr’s sharing of sensitive information with third parties is illegal,” director general Inger Lise Blyverket said.

The NCC filed a complaint against Grindr in 2020 after learning the app shares data about its users with several third parties, some of which reserved the right to further share the information with thousands of other companies.

The Norwegian Data Protection Authority (Datatilsynet) and the Norwegian Privacy Appeals Board (Personvernnemda) ruled that such practice breaches the European Union’s General Data Protection Regulation (GDPR). While Norway is not a member of the EU, it is a member of the European Economic Area (EEA), which incorporated GDPR into EEA’s agreement.

The Norwegian authorities aim to enact a national ban on what it calls “surveillance-based advertising.”

“There are many examples of how personal data is used for all manner of purposes, including to influence elections and to target advertising to individuals struggling with addictions and other vulnerabilities. Such information can also be used to target and persecute minority individuals and groups,” the NCC said.