Grindr hit with £8.6 million fine for GDPR consent breach

The Norweigan data watchdog finds the LGBTQ+ dating app shared data with third-party advertisers without sufficient consent

The Grindr app on a smartphone in front of a background of its logo

Online dating service Grindr has been fined 100,000,000kr (roughly £8.6 million) by the Norweigan data watchdog for sharing its users’ personal data with third-party advertisers without seeking adequate consent.

Following a lengthy investigation, the Norweigan Data Protection Authority (Datatilsynet) has concluded that Grindr shared user data, including special category personal data, with third parties for marketing purposes. This data included GPS locations, user profile data, and the fact the user in question was on Grindr; information not all users would be willing to disclose.

Based on its preliminary findings, Datatilsynet concluded that Grindr violated Article 6(1) and Article 9(1) of the data protection laws, which relate to illegally sharing user data to third parties without sufficient user consent. 

“Our view is that these people have had their personal data shared unlawfully,” said director-general of the Norweigan regulator, Bjørn Erik Thon. 

“An important objective of the GDPR is precisely to prevent take-it-or-leave-it “consents”. It is imperative that such practices cease.”

The company was accused of sharing users’ data with advertisers through software development kits (SDKs), with the advertising partners in question including Twitter’s MoPub platform, Xandr, OpenX, AdColony, and Smaato.

The regulator’s provisional fine represents a figure that’s roughly 11% of the company’s annual turnover, based on its calculations. This figure is “effective, proportionate and dissuasive”, according to Datatilsynet, and follows guidance set out under GDPR for how regulators should approach administering financial penalties. 

Grindr markets itself as the world’s largest dating app for the LGBTQ+ community and boasts 13.7 million active users across more than 200 countries. 

The Norweigan watchdog’s fine follows an official probe sparked following an earlier investigation led by the Norwegian Consumer Council. This initial investigation found the vendors of several widely-used apps were sharing data with third parties without adequate user consent, publishing its findings in January 2020.

The ruling carries huge significance, given a litany of comparable social media and tech companies may be operating data-sharing models similar in nature to that used by Grindr.

The document only represents a draft decision, however, and Grindr has been given the opportunity to respond by 15 February. The regulator will make its final decision once its representations are taken into account.  

Datatilsynet is also in the midst of ongoing investigations into the five advertisers name-checked in the report; Twitter’s MoPub, Xandr, OpenX, AdColony, and Smaato.

"Grindr is a social movement and a cultural phenomenon," the company told IT Pro. "Our goal is to create the leading social and digital media platform that enables the LGBTQ+ community and other users to discover, share and navigate the world around them.

"Grindr is confident that our approach to user privacy is first-in-class among social applications with detailed consent flows, transparency, and control provided to all of our users."

"The allegations from the Norwegian Data Protection Authority date back to 2018 and do not reflect Grindr's current Privacy Policy or practices.  We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority."

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Four tips for keeping your business secure during mass remote work
data protection

Four tips for keeping your business secure during mass remote work

19 Feb 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

2 Feb 2021
10 ways to protect your company from the next big data breach
data breaches

10 ways to protect your company from the next big data breach

28 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021