Norway fines Grindr over alleged privacy breach

The Norwegian Data Protection Authority (NDPA) — the country’s data privacy watchdog — fined gay dating app Grindr 65 million kroner ($7.16 million) after the company allegedly sent personal data to advertisers without user consent, according to The Associated Press. 

The alleged action by the dating app is a breach of the European Union’s privacy rules, according to the AP. The Scandinavian country is not part of the E.U., but it does adhere to the block’s privacy rules. 

In a statement on Wednesday, the NDPA said it imposed its highest fine to date over the California-based company’s alleged breach. The NDPA also said Grindr didn’t comply with the EU’s data protection regulations, according to the AP. 

Norway’s Consumer Council filed a complaint against Grindr last year for disclosing personal information from its users, including GPS locations, IP addresses, ages, gender and their use of the app to several third parties for marketing purposes.

The NDPA added that users were “were forced to accept the privacy policy in its entirety to use the app” and were not specifically asked if they want to allow their data to be shared with third party advertisers. 

“Furthermore, the information about the sharing of personal data was not properly communicated to users,” contrary to EU requirements for “valid consent,” the NDPA added. 

In a statement to The Hill, Grindr said that “protecting users’ interests and ensuring that we put them in control of their personal data have always been our top priorities.” 

Grindr Chief Privacy Officer Shane Wiley said the company is proactive in “adopting industry-leading privacy positions and tools.”

“We have also been proactive in adopting industry-leading privacy positions and tools, like detailed consent flows, granular user privacy controls, and ‘just-in-time’ app notifications,” Wiley said in his statement. 

Updated at 1:02 p.m.