Grindr hit with £8.6 million fine for GDPR consent breach

The Norweigan data watchdog finds the LGBTQ+ dating app shared data with third-party advertisers without sufficient consent

The Grindr app on a smartphone in front of a background of its logo

Online dating service Grindr has been fined 100,000,000kr (roughly £8.6 million) by the Norweigan data watchdog for sharing its users’ personal data with third-party advertisers without seeking adequate consent.

Following a lengthy investigation, the Norweigan Data Protection Authority (Datatilsynet) has concluded that Grindr shared user data, including special category personal data, with third parties for marketing purposes. This data included GPS locations, user profile data, and the fact the user in question was on Grindr; information not all users would be willing to disclose.

Based on its preliminary findings, Datatilsynet concluded that Grindr violated Article 6(1) and Article 9(1) of the data protection laws, which relate to illegally sharing user data to third parties without sufficient user consent. 

“Our view is that these people have had their personal data shared unlawfully,” said director-general of the Norweigan regulator, Bjørn Erik Thon. 

“An important objective of the GDPR is precisely to prevent take-it-or-leave-it “consents”. It is imperative that such practices cease.”

The company was accused of sharing users’ data with advertisers through software development kits (SDKs), with the advertising partners in question including Twitter’s MoPub platform, Xandr, OpenX, AdColony, and Smaato.

The regulator’s provisional fine represents a figure that’s roughly 11% of the company’s annual turnover, based on its calculations. This figure is “effective, proportionate and dissuasive”, according to Datatilsynet, and follows guidance set out under GDPR for how regulators should approach administering financial penalties. 

Grindr markets itself as the world’s largest dating app for the LGBTQ+ community and boasts 13.7 million active users across more than 200 countries. 

The Norweigan watchdog’s fine follows an official probe sparked following an earlier investigation led by the Norwegian Consumer Council. This initial investigation found the vendors of several widely-used apps were sharing data with third parties without adequate user consent, publishing its findings in January 2020.

The ruling carries huge significance, given a litany of comparable social media and tech companies may be operating data-sharing models similar in nature to that used by Grindr.

The document only represents a draft decision, however, and Grindr has been given the opportunity to respond by 15 February. The regulator will make its final decision once its representations are taken into account.  

Datatilsynet is also in the midst of ongoing investigations into the five advertisers name-checked in the report; Twitter’s MoPub, Xandr, OpenX, AdColony, and Smaato.

"Grindr is a social movement and a cultural phenomenon," the company told IT Pro. "Our goal is to create the leading social and digital media platform that enables the LGBTQ+ community and other users to discover, share and navigate the world around them.

"Grindr is confident that our approach to user privacy is first-in-class among social applications with detailed consent flows, transparency, and control provided to all of our users."

"The allegations from the Norwegian Data Protection Authority date back to 2018 and do not reflect Grindr's current Privacy Policy or practices.  We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021