Asian man sitting on a wall using his phone

Grindr fined £5.5m for sharing data

The Norwegian Data Protection Authority (DPA) has slapped LGBTQ dating app Grindr with a €6.5m (£5.5m) fine after being found guilty of selling users’ data to advertisers without seeking their explicit consent, thus breaking General Data Protection Regulation (GDPR) rules.

The fine was initially set at £8.6m but was reduced after Grindr provided the Norwegian DPA with information about its finances and made changes to the app.

Largest fine to date levied by Norwegian DPA

The Grindr fine is the largest handed down, to date, by the Norwegian DPA, which said it had levied such a significant amount due to the GDPR infringements being, in their view, “grave.” The DPA began its investigation into Grindr following a complaint from the Norwegian Consumer Council.

In its judgment, Tobias Judin, head of the Norwegian DPA, commented: “Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis.”

The Norwegian DPA’s investigation found that Grindr had shared the following information to advertisers without user permission:

  • GPS location
  • IP address
  • Advertising ID
  • Age
  • Gender
  • That the user was on Grindr

The latter point is considered particularly intrusive as details about an individual’s sexual orientation is “special category data” with specific protection under the GDPR.

Grindr users were also forced to agree to the app’s privacy policy but weren’t explicitly asked if they gave consent for their data to be shared for behavioural advertising purposes.

Despite the Norwegian DPA reducing the fine following the changes made by Grindr, which included changing how it collects permissions, it hasn’t assessed whether the new system is GDPR compliant. As such, Grindr may find itself with another data privacy problem in the near future, while it is yet to be determined whether the DPA will order Grindr to delete all personal data it has illegally collected and processed.

At the time of writing, Grindr had not yet appealed the fine – which it had three weeks to do from the mid-December judgment – nor announced if it planned to do so.

Has Grindr sold your information without your consent? You could be entitled to compensation

If you’re a Grindr user and the app has been processing your data without your permission, you could be entitled to data breach compensation.

Contact LawPlus today for a free, no-obligation assessment of your case.

Get in Touch

Fill in the form below to tell us your details, and we’ll get started.