Grindr hit with £8.6 million fine for GDPR consent breach

The Norweigan data watchdog finds the LGBTQ+ dating app shared data with third-party advertisers without sufficient consent

The Grindr app on a smartphone in front of a background of its logo

Online dating service Grindr has been fined 100,000,000kr (roughly £8.6 million) by the Norweigan data watchdog for sharing its users’ personal data with third-party advertisers without seeking adequate consent.

Following a lengthy investigation, the Norweigan Data Protection Authority (Datatilsynet) has concluded that Grindr shared user data, including special category personal data, with third parties for marketing purposes. This data included GPS locations, user profile data, and the fact the user in question was on Grindr; information not all users would be willing to disclose.

Based on its preliminary findings, Datatilsynet concluded that Grindr violated Article 6(1) and Article 9(1) of the data protection laws, which relate to illegally sharing user data to third parties without sufficient user consent. 

“Our view is that these people have had their personal data shared unlawfully,” said director-general of the Norweigan regulator, Bjørn Erik Thon. 

“An important objective of the GDPR is precisely to prevent take-it-or-leave-it “consents”. It is imperative that such practices cease.”

The company was accused of sharing users’ data with advertisers through software development kits (SDKs), with the advertising partners in question including Twitter’s MoPub platform, Xandr, OpenX, AdColony, and Smaato.

The regulator’s provisional fine represents a figure that’s roughly 11% of the company’s annual turnover, based on its calculations. This figure is “effective, proportionate and dissuasive”, according to Datatilsynet, and follows guidance set out under GDPR for how regulators should approach administering financial penalties. 

Grindr markets itself as the world’s largest dating app for the LGBTQ+ community and boasts 13.7 million active users across more than 200 countries. 

The Norweigan watchdog’s fine follows an official probe sparked following an earlier investigation led by the Norwegian Consumer Council. This initial investigation found the vendors of several widely-used apps were sharing data with third parties without adequate user consent, publishing its findings in January 2020.

The ruling carries huge significance, given a litany of comparable social media and tech companies may be operating data-sharing models similar in nature to that used by Grindr.

The document only represents a draft decision, however, and Grindr has been given the opportunity to respond by 15 February. The regulator will make its final decision once its representations are taken into account.  

Datatilsynet is also in the midst of ongoing investigations into the five advertisers name-checked in the report; Twitter’s MoPub, Xandr, OpenX, AdColony, and Smaato.

"Grindr is a social movement and a cultural phenomenon," the company told IT Pro. "Our goal is to create the leading social and digital media platform that enables the LGBTQ+ community and other users to discover, share and navigate the world around them.

"Grindr is confident that our approach to user privacy is first-in-class among social applications with detailed consent flows, transparency, and control provided to all of our users."

"The allegations from the Norwegian Data Protection Authority date back to 2018 and do not reflect Grindr's current Privacy Policy or practices.  We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority."

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Most Popular

What should you really be asking about your remote access software?

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021