On Monday January 25, the Norwegian Data Protection Authority announced that Grindr would be fined $ 11.7 million for disclosing confidential data about its users. The application specializing in gay dating is said to have shared the information in question with advertising companies.
According to reports, the decision will become final after February 15. Grindr will then have to react before that date if she does not want to be forced to pay the sum. Investigations are also said to be underway to determine whether the advertising companies that received the information also violated European data protection law.
This fine is known to come about a year after some European nonprofit groups filed complaints against Grindr and its advertising partners with data protection regulators.
Sharing private information without consent
According to the Norwegian agency, the information shared includes the name of the app, the precise location of the users, their tracking code, as well as a mark indicating that the people are LGBTQ. According to the agency, Grindr did not obtain users' consent before sharing the data.
Among the companies that Grindr has shared data with is MoPub which is Twitter's mobile advertising platform. She works with 100 other partners with whom she could also share information.
A practice that could put users at risk
By sharing the private information of its users, Grindr not only violated European data protection laws, it could also have put its users at risk. The head of the Norwegian Data Protection Authority's international department, Tobias Judin, said the information sharing could have harmed users living in countries where consensual same-sex acts are illegal. One can for example quote Qatar or Pakistan.
“If someone finds out they are gay and knows their movements, they could be targeted,” Judin explained.
In his defense, Grindr, through his spokesperson, said his "approach to user privacy" was the best among social apps that exist today. On the other hand, the spokesperson said that the company had already obtained “valid legal consent” on several occasions from all of its users in Europe.
Finn Myrstad, director of digital policy for the Norwegian Consumer Council who is among the groups that filed the complaint, said the decision will set limits for Grindr and will also establish strict legal requirements for all who profit from the collection and sharing of users' private information.
Grindr announced its willingness to engage with the Norwegian Data Protection Authority to find a solution to the issue and added that the company is continuously improving its privacy practices in relation to changing laws and regulations relating to protection of privacy.