Dating app Grindr faces a record fine of 100 million kroner ($ 14.2M CAD) in Norway for illegal data sharing, the Norwegian data protection authority said on Tuesday.
Presenting itself as “the world’s largest dating network for gay, bi, trans and queer people,” Grindr is accused of having shared with third parties, for marketing purposes, GPS coordinates, elements of the profile of his users and the very fact that they use the app, thus giving indications of their sexual preferences.
“Our preliminary conclusion is that Grindr has provided personal data about its users to a number of third parties without a legal basis,” Datatilsynet director Bjørn Erik Thon said in a statement.
According to the authority, this practice is contrary to the General Data Protection Regulation (GDPR) implemented in the European Union in May 2018.
The authority has therefore decided to notify Grindr of a fine representing around 10% of its worldwide turnover, or some 10 million dollars, a level unheard of in the Nordic country.
Grindr has until February 15 to assert his position, before a possible final sanction.
The allegations against him date from before April 2020, the date on which the application changed its conditions of use.
In an email to AFP, Grindr highlighted the change.
“We are continually improving our privacy practices in light of changing laws and regulations,” he added, saying he was “looking forward” to engaging in a “productive dialogue” with Datatilsynet.
In January 2020, the Norwegian Consumer Council lodged a complaint against Grindr and five other apps, including Twitter-controlled MoPub, for violating personal data protection rules.
Tuesday, he hailed “a historic victory for privacy.”
In Brussels, the European Bureau of Consumers’ Unions (BEUC), a federation of consumer associations in 32 countries, also welcomed the Norwegian announcement which, according to him, shows that the GDPR “has teeth”.
“This is excellent news which clearly indicates that it is illegal to monitor consumers 24 hours a day, 7 days a week, without their consent, to collect and share their data,” noted its CEO, Monique Goyens.
The other complaints raised by the Norwegian Consumer Council are still being investigated, Datatilsynet said.