December 15, 2021
Norway fines Grindr record amount for sharing user data
Norwegian authorities said on Wednesday that they were fining dating app Grindr more than six million euros for illegally sharing users' personal data with third parties.
The fine of 65 million Norwegian kroner ($7.2 million, 6.3 million euros) is the largest ever handed out for such a case in the Scandinavian country.
"Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis," said Tobias Judin, head of the Norwegian Data Protection Authority's (DPA) international department.
Grindr, which bills itself as "the world's largest social networking app for gay, bi, trans, and queer people," is accused of sharing GPS coordinates, elements of its users' profiles such as age or sex and the very fact that they use the app, thus giving indications of their sexual orientation.
The lack of clear information about this practice given to users and lack of explicit approval on this point from them violates the General Data Protection Regulation (GDPR) adopted by the European Union in 2018, according to the Norwegian DPA.
"We consider that data revealing the fact that someone is a Grindr user strongly indicates that they belong to a sexual minority," the DPA said adding that this merits particular protection under the GDPR.
In January, DPA warned that Grindr faced a fine of 100 million kroner, or about 10 percent of its global revenue, but gave the company until February 15 to explain its position.
"We strongly disagree with Datatilsynet's (DPA) reasoning, which concerns historical consent practices from years ago, not our current consent practices," Shane Wiley, chief privacy officer at Grindr, reiterated Wednesday in an email to AFP.
"Even though Datatilsynet has lowered the fine compared to their earlier letter, Datatilsynet relies on a series of flawed findings, introduces many untested legal perspectives, and the proposed fine is therefore still entirely out of proportion," Wiley added.
The Norwegian consumer council, which together with Austrian NGO Noyb originally alerted Norway's DPA, welcomed the fine.
"Surveillance-based advertising, where companies collect and share personal data for commercial purposes, is completely out of control," Finn Myrstad, policy director at the Norwegian Consumer Council said.
"This sends a strong signal to all companies involved in commercial surveillance," he added.
"It's astonishing that the DPA has to convince Grindr that its users are LGBT+ and that this fact is not a commodity to be bartered" Ala Krinickyte, a lawyer from Noyb, stressed.
The company now has three weeks to appeal against the decision.
© 2021 AFP