Norwegian regulator imposes Grindr GDPR fine of 6.3 million euros

The Norwegian privacy watchdog has fined dating app Grindr 6.3 million euros for violation of the privacy law. Grindr illegally shared data with third parties for marketing purposes. The fine is lower than the DPA proposed to hand out a year ago.

Datatilsynet fined the company 65 million kronor. That is converted to about 6.33 million euros. The privacy regulator says the app passed on identifiable data about users to advertisers. It involved location data, IP addresses and information about the user, such as his age and gender. All that information was combined through an advertising ID. The user gave permission to collect the data, but not to share that data with advertisers, says Datatilsynet. Users were forced to accept the privacy policy. It did not specifically ask for permission to share. The violation took place between July 2018 and April 2020.

The fine comes more than a year after the privacy watchdog announced its intention to impose the fine. The watchdog launched an investigation after a Norwegian consumer organization filed a complaint. That complaint was about more popular apps, including Tinder. Datatilsynet has not yet released anything about the investigation into those parties.

It is the highest fine that the Norwegian privacy watchdog has ever imposed, but the final amount is nevertheless lower than what the authority previously proposed. That’s because Grindr made changes to its data collection after the investigation began. Datatilsynet also says it will take into account “Grindr’s size and financial situation” in its decision. The company can still appeal the fine, but it is not yet known whether it will do so.