The privacy regulator found that Grindr violated article 58 of the General Data Protection Regulation by: Having disclosed personal data to third party advertisers without a legal basis ; Having disclosed special category personal data to third party advertisers without a valid exemption from the prohibition in article 9(1) GDPR, which provides exemptions for certain types of data, none of which are for advertising purposes.
Article 58 of GDPR (Source: EUR-Lex)
A Grindr spokeswoman tells Information Security Media Group: The allegations from the Norwegian Data Protection Authority date back to 2018 and do not reflect Grindr s current privacy policy or practices. We continually enhance our privacy practices in consideration of evolving privacy laws and regulations and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority.
Grindr faces fine of nearly $12 million in Norway for alleged privacy violations
(Getty Images) Jan 27, 2021 | CYBERSCOOP
Norway’s data protection agency is proposing a fine of $11.7 million against Grindr for the alleged improper sharing of users’ data to third-party companies for marketing purposes.
The Norwegian Data Protection Authority (DPA) said Tuesday that Grindr, which bills itself as “the world’s leading LGBTQ+ social application,” had shared, without full consent, users’ GPS locations, profile data and other information with other companies. Grindr has until Feb. 15 to argue against the decision.
The case, which applies to the free version of the app, originated with a 2020 complaint from the Norwegian Consumer Council, and it falls under Europe’s General Data Protection Regulation (GDPR). The DPA said the fine of 100 million Norwegian kroner would represent its largest ever, reflecting that “our findings suggest grave violations
The privacy regulator found that Grindr violated article 58 of the General Data Protection Regulation by: Having disclosed personal data to third party advertisers without a legal basis ; Having disclosed special category personal data to third party advertisers without a valid exemption from the prohibition in article 9(1) GDPR, which provides exemptions for certain types of data, none of which are for advertising purposes.
Article 58 of GDPR (Source: EUR-Lex)
A Grindr spokeswoman tells Information Security Media Group: The allegations from the Norwegian Data Protection Authority date back to 2018 and do not reflect Grindr s current privacy policy or practices. We continually enhance our privacy practices in consideration of evolving privacy laws and regulations and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority.
The world s largest social networking and dating app for gay, bisexual and trans people is facing a hefty fine in Norway over an alleged breach of data privacy.
On Tuesday, Norway’s Data Protection Authority (NDPA) announced its intention to fine Grindr 100 million Norwegian crowns ($11.7m) for illegally disclosing user data to advertising firms.
The American company, which launched back in 2009, said that the allegations made by the Norwegian regulator hark back to 2018, when Grindr had different privacy policies and practices in place.
The large financial penalty corresponds to approximately 10% of Grindr’s estimated global annual revenue. Our preliminary conclusion is that Grindr has shared user data to a number of third parties without legal basis, said Bjørn Erik Thon, data protection commissioner of the NDPA.