Grindr took the Norwegian Government Attorney to court on the last Friday of October. Grindr thinks that the Norwegian Data Protection Authority and the Personal Data Protection Board misinterpreted the GDPR.
During autumn, the appeals body confirmed a fine of NOK 65 million issued by the supervisory authority. Kelly Peterson Miranda, the data protection representative, clarified to NRK that the lawsuit is not focused on past practices but rather on the impact it will have on all data processing at Grindr. The supervisory authority’s decision was based on a report from the Consumer Council (Forbrukerrådet), which revealed that the app shared users’ GPS location, advertiser ID, and app name with marketing partners.
Grindr tells NRK that they share data according to an outdated industry standard.
The hookup app is aimed at queer people, but it is especially popular among gay men in Norway.
Miranda says that they need clear instructions or a definite decision stating that using Grindr automatically classifies all the data they collect and process as special categories of personal data.
Processing personal data in violation of privacy regulations is strictly forbidden. There are additional stringent requirements imposed on its usage.
Miranda is concerned that the decisions made by Norway will create obstacles for running services like Grindr in Europe. According to Miranda, the problem lies in the fact that these decisions not only provide guidelines for targeted advertising, but also for other activities such as combating fraud and contextual advertising.
Grindr also seeks to have the record fine either reduced or completely eliminated.
Miranda expresses the desire to have the fine removed or reduced through a trial.
The Norwegian Data Protection Authority supports the tribunal’s decision, believing it to be correct. They acknowledge the subpoena and will closely monitor the case. It is observed that privacy is once again being challenged and put under pressure by large, commercial players. These players possess substantial resources and legal power, which they utilise to defend their own business model. This model is increasingly being criticized by numerous authorities, as stated by Line Coll, the director of the Norwegian Data Protection Authority, in a statement to NRK.