Grindr Faces $12 Million Fine in Norway Over Data Sharing

Grindr LLC, maker of a popular dating app, may face a 100 million-krone ($12 million) privacy fine from Norwegian regulators for not giving users enough control over their data.

Grindr users were required to accept the full privacy policy to use the free version of the app and weren’t asked specifically about sharing data with third parties, the country’s Data Protection Authority said Tuesday, citing preliminary conclusions. The proposed fine would be 10% of the company’s revenue.

An important objective of European Union data protection rules “is precisely to prevent take-it-or-leave-it ‘consents,’” said Bjorn Erik Thon, director general of the DPA.

“Grindr is seen as a safe space, and many users wish to be discrete,” he said. “Nonetheless, their data have been shared with an unknown number of third parties, and any information regarding this was hidden away.”

Last year, the Norwegian Consumer Council filed a complaint against Grindr claiming unlawful sharing of personal data with third parties for marketing purposes. The service -- described as the world’s largest social-networking app for gay, bi, trans, and queer people -- gave user data such as location and sexual orientation to third parties involved in advertising and profiling, according to the report.

Particular Protection

“We believe that the fact that someone is a Grindr user speaks to their sexual orientation, and therefore this constitutes special category data that merit particular protection,” the regulator said.

Los Angeles-based Grindr said in a statement that the Norwegian case dates back to 2018 and does “not reflect Grindr’s current privacy policy or practices.” The company said it has retained valid legal consent from all of its users in the European Economic Area on multiple occasions.

Under EU rules, data fines can be as much as 4% of a company’s revenue or 20 million euros, whichever is higher. While Norway isn’t a formal member of the EU, it follows most of the bloc’s rules.

A final decision on the financial penalty won’t be made until after the company has had time to comment on the preliminary findings.

Finn Myrstad, director of digital policy at the Norwegian Consumer Council, said the draft decision is a “milestone” to protect privacy online. “It is unacceptable for companies to collect and share personal data without user’s permission,” he said.

©2021 Bloomberg L.P.

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.