Grindr has been fined £5.5m for sharing advertising data.
Written byTimes Magazine
Grindr, a location-based dating app for the LGBTQ community, was fined 6.5 million euros (5.5 million pounds) for selling user data to advertisers.
The Norwegian Data Protection Authority has stated that disclosing such data without express consent violates GDPR rules.
The fine was lowered from £8.6m after Grindr disclosed details of his financial situation and changed his application. Grindr was asked for a comment.
"We conclude that Grindr has disclosed user data to third parties without a legal basis for behavioral advertising," said Tobias Yudin, head of the international division of the Norwegian Data Protection Agency (DPA). Its investigation was based on a complaint from the Norwegian Consumer Council.
The fine, the highest imposed by the Norwegian Data Protection Agency, is high because regulators regard the breach as "serious." The data he found from the leaked app to third parties included GPS location, IP address, advertising ID, age, gender, and the fact that the user was using Grindr.
This is particularly disturbing because data relating to a person's sexual orientation is a particular category of data that deserves special protection under the provisions of the GDPR, he added.
Consumers are forced to agree to privacy policies without being specifically asked if they want to consent to their behavioral advertising data being shared.
The fine was initially higher but reduced after Grindr provided information about its size and financial position. Also, take into account that the company has changed the permissions for the app. The regulator said it had not checked whether the current approval mechanism aligned with the GDPR.
And does not exclude the possibility of assigning Grindr to the deletion of unlawfully processed personal data.