Norway fines Grindr dating app $11.7M over privacy breach

LONDON (AP) — Norway plans to fine gay dating app Grindr more than $10 million for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules.

The Norwegian data privacy watchdog said Tuesday that it notified Grindr LLC of its draft decision to issue a fine for 100 million Norwegian krone ($11.7 million), equal to 10% of the U.S. company's global revenue.

The Data Protection Authority took action following a complaint by the Norwegian Consumer Council alleging that personal data was shared unlawfully for marketing purposes. The council had detailed in a report last year how Grindr and other dating apps leaked personal information to advertising technology partner companies to use for targeted advertising in ways that the council said violated the EU's tough GDPR privacy rules.

Norway isn't a member of the EU but closely mirrors the bloc's rules and regulations.

The watchdog came to the preliminary conclusion that Grindr shared user data with a number of third parties without legal basis. The data included GPS location, user profile information and even the fact that users are on Grindr, which could reveal their sexual orientation and therefore merit special protection.

“The Norwegian Data Protection Authority considers that this is a serious case," said Bjorn Erik Thon, the authority's director-general. “Users were not able to exercise real and effective control over the sharing of their data."

Grindr did not respond immediately to an email request for comment from the AP. Its spokesman in Norway, Bjoern Richard Johansen, confirmed to broadcaster NRK that it had received a letter from regulators to notify it of the fine.

“Grindr is looking forward to entering into a dialogue with the Norwegian Data Protection Authority,” Johansen told NRK, but said the company had no further comment.

Grindr has until Feb. 15 to give feedback, which the watchdog will take into account for its final decision.

The Data Protection Authority said the way Grindr asked users for permission to use their information went against GDPR's requirements for “valid consent.” Users weren’t given the chance to opt out of sharing data with third parties and were forced to accept Grindr's privacy policy in its entirety, it said, adding that users weren't properly informed about the data sharing.

The watchdog is still investigating five “ad tech" companies that received data from Grindr, including Twitter's mobile app advertising platform, MoPub.

The Norwegian Consumer Council welcomed the fine.

“We hope that this marks the starting point for many similar decisions against companies that engage in buying and selling personal data,” said the group's director of digital policy, Finn Myrstad.

___

Jan M. Olsen in Copenhagen contributed to this report.

___

For all of AP’s tech coverage, visit https://apnews.com/hub/technology

___

Follow Kelvin Chan at https://www.twitter.com/chanman

Bg pattern light

UPGRADE TO PREMIUM

Subscribe to Samoa Observer Online

Enjoy access to over a thousand articles per month, on any device as well as feature-length investigative articles.

Ready to signup?