Grindr Fined €6.5m for Selling User Data Without Explicit Consent

Dating app Grindr has been fined €6.5m (£5.5m) for selling user data to advertisers without their explicit consent.

The fine was issued by the Norwegian Data Protection Authority (DPA) for “grave” infringements of GDPR rules. This was because Grindr shared highly sensitive ‘special category’ data with third parties without users' explicit consent, which is a requirement under the regulation. This includes GPS location, IP address, advertising ID, age and gender. Additionally, the third parties knew the user was on Grindr, a dating app for gay, bi, trans and queer people, meaning their sexual orientation data was exposed.

Users were forced to agree to the company’s privacy policy without being asked specifically if they consented to the sharing of their data for behavioral purposes.

Tobias Judin, head of the Norwegian DPA’s international department, explained: "Our conclusion is that Grindr has disclosed user data to third parties for behavioral advertisement without a legal basis."

The €6.5m penalty is the largest fine issued by the Norwegian data protection authority. However, this figure was reduced from £8.6m after Grindr provided details about its financial situation and had changed permissions on its app. However, the regulator added that it has not assessed whether this new consent mechanism complied with GDPR.

Grindr now has three weeks to decide whether to launch an appeal.

The Norwegian DPA’s decision was welcomed by consumer rights group the European Consumer Organisation (BEUC). Ursula Pachl, deputy director general of the BEUC, outlined: “Grindr illegally exploited and shared its users’ information for targeted advertising, including sensitive information about their sexual orientation. It is high time the behavioral advertising indust ..

Support the originator by clicking the read the rest link below.