Norway slaps Grindr with €10m fine for sharing client data, abusive 'consents'
Twitter Inc
$53.70
11:00 08/03/24
Meet-up app Grindr has been fined €10m by Norway’s data protection agency after it found it had violated consent regulations.
The app had failed to comply with the General Data Protection Regulation of the region which sets out strict rules for processing people’s data.
GDPR allows for fines to amount to 4% of global annual turnover or up to €20M, whichever is higher.
In this case Grindr has been sanctioned for around 10% of its annual revenue.
“We have notified Grindr that we intend to impose a fine of high magnitude as our findings suggest grave violations of the GDPR,” said Bjørn Erik Thon, Director General of the Norwegian agency, in a statement.
“Grindr has 13.7 million active users, of which thousands reside in Norway. Our view is that these people have had their personal data shared unlawfully. An important objective of the GDPR is precisely to prevent take-it-or-leave-it ‘consents’. It is imperative that such practices cease.”
In 2020, the Norwegian Consumer Council opened an investigation into different data sharing practices by companies that had business in the country. It found that the majority of apps transmitted data to “unexpected third parties” without correctly informing users.
Grindr was one of the apps featured in the NCC report.
It said users of Grindr were forced to accept the privacy policy in its entirety — and were not asked if they wanted to consent with the sharing of their data to third parties.
After its report last year, the NCC also filed complaints against five of the third parties who it found to be receiving data from Grindr: MoPub (owned by Twitter), Xandr (formerly known as AppNexus), OpenX Software, AdColony, and Smaato.
“The Norwegian Data Protection Authority considers that this is a serious case,” added Thon. “Users were not able to exercise real and effective control over the sharing of their data. Business models where users are pressured into giving consent, and where they are not properly informed about what they are consenting to, are not compliant with the law."