€ 5,8 million fine for Grindr – the Norwegian Consumer Council’s complaint fully upheld by the Privacy Appeals Board
29. september, 2023
In 2020, the Norwegian Consumer Council filed a complaint to the Norwegian Data Protection Authority against the dating app Grindr for breach of the General Data Protection Regulation. The Norwegian Privacy Appeals Board (Personvernnemnda) today announced that it upholds the Norwegian Data Protection Authority’s fine of NOK 65 million (approximately € 5,8 million).
– Surveillance-based advertising, where companies collect and share personal data for commercial purposes, is completely out of control. We are very pleased that the Norwegian Data Protection Authority has resolutely followed up our complaint and that the Norwegian Privacy Appeals Board has clearly affirmed that Grindr’s practice of sharing sensitive personal data with third parties is illegal, says Finn Myrstad, Director of Digital Policy at the Norwegian Consumer Council.
– This sends a strong signal to all companies involved in commercial surveillance. There are serious repercussions to sharing personal data without a legal basis. We call for the digital advertising industry, which is responsible for tracking and profiling consumers on a massive scale, to make fundamental changes to respect consumers’ rights.
In 2020, the Norwegian Consumer Council filed a complaint against Grindr. The complaint was based on the report “Out of Control”, which revealed how the app collected and shared sensitive personal data about its users with several commercial third parties, who reserved the rights to share information onward with potentially thousands of further companies, in the service of targeting surveillance-based advertising.
Intimate knowledge of consumers’ preferences and when we are most receptive to manipulation is a threat not only to consumer- and privacy rights but may have dramatic consequences for society. This is also the reason why the Norwegian Consumer Council and a large group of consumer and human rights organizations from across Europe and the United States have called for a ban on surveillance-based advertising.
Øyvind H. Kaldestad
Kommunikasjonsrådgiver – digitale rettigheter og strøm
The technical tests were carried out by the security company mnemonic.
The research on the adtech industry and specific data brokers was performed with assistance from the researcher Wolfie Christl of Cracked Labs.
The legal analysis, drafting of the formal complaints, and subsequent follow-up in the complaint process was carried out with the assistance of Max Schrems and the organisation noyb.
Additional auditing of the Grindr app was performed by the researcher Zach Edwards from Victory Medium.
The law firm Hjort has assisted in the process with the Privacy Appeals Board.