Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Norway to Fine Dating App Grindr $11.7M Over Privacy Breach

Gay dating app Grindr faces a fine of more than $10 million from Norwegian regulators for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules.

Gay dating app Grindr faces a fine of more than $10 million from Norwegian regulators for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules.

The Norwegian data privacy watchdog said Tuesday that it notified Grindr LLC of its draft decision to issue a fine for 100 million Norwegian krone ($11.7 million), equal to 10% of the U.S. company’s global revenue.

The Data Protection Authority took action following a complaint by the Norwegian Consumer Council alleging personal data was shared unlawfully for marketing purposes. The council had detailed in a report last year how Grindr and other dating apps leaked personal information to advertising technology companies for targeted ads in ways the council said violated the EU’s tough GDPR privacy rules.

Norway isn’t a member of the EU but closely mirrors the bloc’s rules and regulations.

“The Norwegian Data Protection Authority considers that this is a serious case,” said Director-General Bjorn Erik Thon. “Users were not able to exercise real and effective control over the sharing of their data.”

The company has until Feb. 15 to give feedback, which the watchdog will take into account for its final decision.

Grindr said it looked forward to holding a “productive dialogue” with Norwegian regulators about the allegations, which it said date back to 2018 and don’t reflect current privacy policy or practices.

The app’s privacy approach includes “detailed consent flows, transparency, and control” provided to all users, the company said, adding it has “retained valid legal consent” from all its European users “on multiple occasions.”

Advertisement. Scroll to continue reading.

“We continually enhance our privacy practices in consideration of evolving privacy laws and regulations,” the company said in a statement.

The watchdog’s preliminary conclusion is that Grindr shared user data with a number of third parties without legal basis. The data included GPS location, user profile information as well as the fact that users are on Grindr, which could indicate their sexual orientation.

Sharing such information could put someone at risk of being targeted, the authority said in its notice to Grindr.

The fact that a person “is a Grindr user may lead to prejudice and discrimination even without revealing their specific sexual orientation,” it said.

The Data Protection Authority said the way Grindr asked users for permission to use their information went against GDPR’s requirements for “valid consent.” Users weren’t given the chance to opt out of sharing data with third parties and were forced to accept Grindr’s privacy policy in its entirety, it said, adding that users weren’t properly informed about the data sharing.

The watchdog is still investigating five “ad tech” companies that received data from Grindr, including Twitter’s mobile app advertising platform, MoPub, which has more than 160 partners.

The Norwegian Consumer Council welcomed the fine.

“We hope that this marks the starting point for many similar decisions against companies that engage in buying and selling personal data,” said the group’s director of digital policy, Finn Myrstad.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...