The Norwegian Data Protection Agency announced on Monday that it would punish Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $ 11.7 million, for illegally disclosing private information about its users to advertising companies.
The agency announced that the app had transmitted the exact locations, user tracking codes and the name of the app to at least five advertising companies, with people in violation of European data protection law being essentially marked as LGBTQ without their express consent. Grindr shared users’ private data with MoPub, Twitter’s mobile advertising platform, among others, which, according to the agency, can exchange data with more than 100 partners.
Tobias Judin, head of the international division of the Norwegian Data Protection Agency, said that Grindr’s data mining practices have not only violated European data protection rights, but also seriously endangered users in countries like Qatar and Pakistan where consensual same-sex sexual acts take place could be illegal.
“If someone finds out that they are gay and knows their movements, they can be injured,” said Judin. “We’re trying to make these apps and services understand that this approach – not informing users, not getting valid consent to share their data – is completely unacceptable.”
The fine comes a year after European nonprofit groups filed complaints against Grindr and its advertising partners with data protection authorities. In testing last January, the New York Times found that the Android version of the Grindr app was exchanging location information that was so precise that it pinpointed reporters on the side of the building they were sitting on. In April, Grindr revised its user consent process.
In a statement, a spokesperson for Grindr said the company has received “valid legal approvals from all” of its users in Europe on multiple occasions and is confident that its “approach to protecting user privacy in social apps is top-notch”.
The statement added: “We are continuously improving our data protection practices with a view to evolving data protection laws and regulations and look forward to a productive dialogue with the Norwegian Data Protection Authority.”
The company has until February 15 to comment on the ruling before it is final. The Norwegian agency said it was investigating whether the advertising companies that received user data from Grindr also violated European data protection law. “
Privacy experts said the ruling would have far-reaching implications beyond dating apps.
“Not only does this set limits for Grindr,” said Finn Myrstad, director of digital policy at the Norwegian Consumers’ Council, one of the groups that made the complaints, “but it sets strict legal requirements for an entire industry that benefits from collecting and sharing . ” Information about our preferences, location, purchases, physical and mental health, sexual orientation, and political views. “