Grindr Faces $11.7 Million Fine For Illegally Sharing Users’ Data With Third Parties
Gay dating app Grindr faces a 9.6-million-euro ($11.7 million)fine in Norway for illegally disclosing private users’ data with third parties, the Norwegian Data Protection Authority said on Tuesday.
Grindr, the world’s most popular social networking app for gay, bi, trans, and queer people, is accused of sharing its users’ GPS coordinates, user profile data and the fact that the user is on Grindr, for marketing purposes.
“Our preliminary conclusion is that Grindr has shared user data to a number of third parties without legal basis,” Data Protection Authority director-general Bjorn Erik Thon said in a statement.
The New York Times reported that the agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law.
Grindr shared users’ private details with, among other companies, MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.
According to the authority, this violates the European Union’s GDPR, or data protection rules, on valid consent that were introduced in May 2018.
The authority, therefore, decided to notify Grindr that it will be fined around 10 per cent of its global turnover, or about $10 million, an unprecedented fine in the Nordic country.
The Norwegian Consumer Council, which had filed the initial legal complaint against Grindr, hailed the announcement as a “historic victory for privacy.”
Grindr has until February 15 to challenge the decision. The wrongdoing it is accused of took place before April 2020, when the app changed its user consent terms.
In January 2020, the Norwegian Consumer Council filed legal complaints against Grindr and five other apps, including Twitter-controlled MoPub, for violating personal data protection rules.
The other complaints are still being examined, the Data Protection Authority said.