LGBTQ dating app Grindr has finally been issued with a £5.5m fine by the Norwegian authorities after being caught with its trousers down selling user data to advertisers.
The ruling dates back to January this year when the Norwegian Data Protection Authority notified Grindr that it intended to issue a fine of 100m krona (£8.5m) – equivalent to 10% of its annual turnover – for sharing users’ data without adequate consent.
The move followed a complaint registered by the Norwegian Consumer Council (NCC) which claimed Grindr had been handing out sensitive user information willy-nilly to ad companies, in what it branded an “insane violation” of GDPR.
The data shared included GPS location and user profile data without consent. Additionally, it ruled that the fact that someone is a Grindr user speaks to their sexual orientation, and this data is “special category” information that requires tougher protection.
In the end, Grindr managed to get the fine reduced from £8.5m to £5.5m after the company provided details about its finances, and made changes to its app.
Although not a member of the EU, Norway is a member of the European Economic Area (EEA) and GDPR became applicable in Norway on July 20 2018.
The head of the Norwegian Data Protection Authority’s international department, Tobias Judin, said: “Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis.”
Investigations into complaints filed against the five advertising companies that received the data – Twitter-owned MoPub, Xandr (formerly AppNexus), OpenX Software, AdColony, and Smaato – continue.
Related stories
Grindr faces severe spanking for GDPR consent breach
Grindr faces privacy probe as Chinese owners jump
Swipe left: Top apps accused of ‘insane’ GDPR violation
Faking it: Match Group hit by legal action over false ads
Gay dating app Jack’d slapped with $240,000 payout
Casual dating giant spanked over shoddy data practices
