Grindr, maker of a popular dating app, may face a 100-million-krone ($12m) privacy fine from Norwegian regulators for not giving users enough control over their data.

Grindr users were required to accept the full privacy policy to use the free version of the app and weren’t asked specifically about sharing data with third parties, the country’s Data Protection Authority said on Tuesday, citing preliminary conclusions. The proposed fine would be 10% of the company’s revenue.

An important objective of EU data protection rules “is precisely to prevent take-it-or-leave-it ‘consents’”, said Bjorn Erik Thon, director-general of the DPA.

“Grindr is seen as a safe space, and many users wish to be discrete,” he said. “Nonetheless, their data have been shared with an unknown number of third parties, and any information regarding this was hidden away.”

In 2020, the Norwegian Consumer Council filed a complaint against Grindr claiming unlawful sharing of personal data with third parties for marketing purposes. The service — described as the world’s largest social-networking app for gay, bisexual, transgender and queer people — gave user data such as location and sexual orientation to third parties involved in advertising and profiling, according to the report.

Particular protection

“We believe that the fact that someone is a Grindr user speaks to their sexual orientation, and therefore this constitutes special category data that merit particular protection,” the regulator said.

Representatives for Los Angeles-based Grindr didn’t immediately respond to requests for comment outside usual business hours.

Under EU rules, data fines can be as much as 4% of a company’s revenue or €20m, whichever is higher. While Norway isn’t a formal member of the EU, it follows most of the bloc’s rules.

A final decision on the financial penalty won’t be made until after the company has had time to say on the preliminary findings.

Finn Myrstad, director of digital policy at the Norwegian Consumer Council, said the draft decision is a “milestone” to protect privacy online. “It is unacceptable for companies to collect and share personal data without user’s permission,” he said.



Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.

Speech Bubbles

Please read our Comment Policy before commenting.