Grindr is a widely popular gay dating app based in California, USA. The company said it disagrees with the DPA’s finding because it pertains to its policies from years ago. Grindr is currently contemplating its next steps, including an appeal.
Fine Reduced from $11.7 Million to $7.16 Million
The complaint against Grindr dates back to 2020, when the Norway Consumer Council claimed that it violated user privacy by sharing user data with advertisers and other third parties. Below is a list of user information that was shared:
GPS location, IP address, age, gender, advertising ID
The data also disclosed the fact that the user was on Grindr. Furthermore, the council claimed that users could be identified from the shared data. There was also no safeguard to prevent the advertisers from sharing the data with other parties. In early 2021, the Datatilsynet said it planned to fine Grindr 100 million kroner ($11.7 million). It then provided Grindr a chance to respond to the allegations. Now, the authority has decided to reduce the fine after it received new information about Grindr’s finances, as well as changes the company has made to address the data privacy problem.
Grindr Violated User Consent and Shared “Special Categories of Data” with Third Parties
In its latest finding, the Datatilsynet said it found that Grindr did not have valid user consent to share users’ information. The agency also said that users were forced to accept the app’s privacy policy and were not specifically asked if they agreed to have their information shared with third parties for behavioral advertisement. Therefore, Grindr violated the GDPR requirements for valid consent. In addition, the authority said the app did not treat user data with adequate protection. As mentioned earlier, Grindr told advertisers that the data belonged to its users, which “strongly indicates” that they are a sexual minority. Under the GDPR, information belonging to a sexual minority is a special category of data and is to be treated with particular protections. The authority determined that Grindr failed to adequately protect its users, thereby violating the GDPR’s rules for special categories of data.
Grindr Disagrees with the Decision
Grindr said it does not agree with the authority’s decision, claiming that the verdict does not accurately reflect the company’s current policies. Shane Wiley, Grindr’s chief privacy officer, said the Datatilsynet “relies on a series of flawed findings, introduces many untested legal perspectives, and the proposed fine is therefore still entirely out of proportion with those flawed findings.”