The Norwegian Data Protection Authority notifies a fee of NOK 100 million to the dating app Grindr for breach of the consent requirements in the GDPR.
Our preliminary conclusion is that Grindr has disclosed personal information about the users to a number of third parties without a legal basis, says Bjørn Erik Thon, director of the Norwegian Data Protection Authority (Datatilsynet).
Grindr is a location-based dating app for gay and bisexual men, transgender people. In 2020, the Norwegian Consumer Council (Forbrukerrådet ) complained Grindr to the Norwegian Data Protection Authority because Grindr provides GPS location, information from the user profiles and that the person in question is a Grindr user to several third parties for marketing purposes. Third parties may potentially share this data further.
Our preliminary conclusion is that Grindr needs consent to share this personal information and that Grindr’s consent was not valid.
In addition, we believe that being a Grindr user is a special category of sensitive personal information that should be protected because it says something about the person’s sexual orientation.
– Norwegian Data Protection Authority takes the matter very seriously. Users were not allowed to exercise real control over the disclosure of their own personal information. Business models that involve forcing the user to agree to something, and without explaining well what they agree to, are not in line with the law, says Bjørn Erik Thon.
