IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Grindr given €6.5 million GDPR fine for selling special category user data without consent

The Norwegian DPA claims users' sexual orientations were exposed following the sale of data to third parties

Datatilsynet, the Norwegian Data Protection Authority (DPA), has fined location-based LGBTQ+ dating app Grindr €6.5 million (£5.4 million) for selling user data for advertising purposes without consent.

Considered the largest GDPR fine issued by the Nowegian authority to date, the penalty states Grindr unlawfully shared personal data of users with third parties for advertising and marketing purposes.

The fine was ultimately reduced from its initial sum of 100,000,000 NOK (£8.2 million) as a result of Grindr's co-operation with the Norwegian DPA and quick fixes to remediate its consent management platform.

Describing Grindr's infringements as "grave", the authority said that user GPS locations, IP addresses, advertising IDs, ages, and genders were included in the data shared with third parties. It also concluded that the fact users had been identified as Grindr account holders meant that sexual orienation data had been shared, which is considered a special category under GDPR and requires additional justification for processing.

"We consider that data revealing the fact that someone is a Grindr user strongly indicates that they belong to a sexual minority," said the Norwegian DPA. "Data concerning a person’s sexual orientation constitutes special category data that merit particular protection under the GDPR. As the consents Grindr collected were not valid, Grindr could not lawfully share such data.

"While it not defined as special categories of personal data in itself, location data is sensitive and personal. The fact that Grindr has also shared this data unlawfully adds to the severity of the case."

The DPA also said Grindr users were forced into accepting the app's privacy policy in order to access its full set of features and were not asked specifically if they consented to their data being shared with third parties for behavioural advertisement.

The fine is the largest ever issued by the Norwegian DPA, which said further orders may be issued to Grindr. The Norwegian Consumer Council, which originally filed the complaint against the company, has already claimed the dating app infringed additional provisions of GDPR and has asked the DPA to order Grindr to erase the illegally processed data.

Related Resource

Protecting every edge to make hackers’ jobs harder, not yours

How to support and secure hybrid architectures

White square with whitepaper title on top of a background image of a building and pavementFree download

Grindr has a three-week window in which it can launch an appeal to the fine, which may be extended depending on circumstances, the DPA said.

"We strongly disagree with Datatilsynet’s reasoning, which concerns historical consent practices from years ago, not our current consent practices or Privacy Policy," said Shane Wiley, chief privacy officer at Grindr, to IT Pro.

"Even though Datatilsynet has lowered the fine compared to their earlier letter, Datatilsynet relies on a series of flawed findings, introduces many untested legal perspectives, and the proposed fine is therefore still entirely out of proportion with those flawed findings.

"We’ve just received a copy of the letter from Datatilsynet and are analysing the document. The Company is considering its options including the right to appeal the findings to the Personvernnemnda (PVN - Appeal Board)," he added.

Featured Resources

IT best practices for accelerating the journey to carbon neutrality

Considerations and pragmatic solutions for IT executives driving sustainable IT

Free Download

The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize

Free download

Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation

Free Download

The strategic CFO

Why finance transformation propels business value

Free Download

Recommended

Analysing the economic benefits of Trend Micro Vision One
Whitepaper

Analysing the economic benefits of Trend Micro Vision One

16 Mar 2023
The IT manager's guide to getting home in time for dinner
Whitepaper

The IT manager's guide to getting home in time for dinner

15 Mar 2023
Better APIs for better business
Whitepaper

Better APIs for better business

13 Mar 2023
The global use of collaboration solutions in hybrid working environments
Whitepaper

The global use of collaboration solutions in hybrid working environments

9 Mar 2023

Most Popular

The big PSTN switch off: What’s happening between now and 2025?
Sponsored

The big PSTN switch off: What’s happening between now and 2025?

13 Mar 2023
Pension Protection Fund confirms employee data exposed in GoAnywhere breach
ransomware

Pension Protection Fund confirms employee data exposed in GoAnywhere breach

24 Mar 2023
Some GitHub users must take action after RSA SSH host key exposed
Security

Some GitHub users must take action after RSA SSH host key exposed

24 Mar 2023