Norwegian data protection agency said on Tuesday that dating app Grindr faces a record fine of 100 million crowns (14.2 million Canadian dollars) in Norway for illegally sharing data.
Grindr presents itself as the “world’s largest gay, bisexual, trans and gay dating network” and is accused of partnering with third parties, for marketing purposes, GPS coordinates, profile items for its users, and the fact that they use the app, which indicates their sexual preferences.
“Our initial conclusion is that Grindr provided personal data about its users to a number of third parties without legal basis,” Datatilsynet Director Bjorn Eric Thun said in a statement.
According to the agency, this practice conflicts with the General Data Protection Regulation (GDPR) applied in the European Union in May 2018.
So the authority decided to notify Grindr of a fine representing about 10% of its worldwide sales, or about $ 10 million, a level never seen in the northern country.
Grindr has until February 15 to confirm his position, before a possible final penalty.
The allegations against it date back to before April 2020, the date the app changed its terms of use.
In an email to AFP, Grinder highlighted the change.
“The Norwegian Data Protection Authority allegations date back to 2018 and do not reflect Grindr’s current privacy policy or practices,” the group said.
“We are constantly improving our privacy practices in light of changing laws and regulations,” he added, saying that he “looks forward” to engaging in a “fruitful dialogue” with Datatilsynet.
In January 2020, the Norwegian Consumer Council filed a complaint against Grindr and five other apps, including Twitter’s controlled MoPub, for violating personal data protection rules.
Tuesday, he hailed a “historic victory for privacy”.
In Brussels, the European Bureau of Consumer Unions (BEUC), a federation of consumer associations in 32 countries, welcomed the Norwegian announcement which, he said, showed that the GDPR “has teeth”.
“This is excellent news that clearly indicates that it is illegal to monitor consumers 24 hours a day, 7 days a week, without their consent, to collect and share their data,” said Monique Joyens, the company’s chief executive.
Datatilsynet said other complaints raised by the Norwegian Consumer Council are still under investigation.
