Grindr hit with € 6.2 million fine in response to complaint from the Norwegian Consumer Council

15. desember, 2021

The Norwegian Data Protection Authority confirmed that Grindr has been sharing personal data without a legal basis and fined the dating app 65 million NOK (€ 6.2 million).

– Surveillance-based advertising, where companies collect and share personal data for commercial purposes, is completely out of control. We are pleased that the Norwegian Data Protection Authority (DPA) has upheld our complaint and concluded that Grindr has been operating in breach of the law, policy director Finn Myrstad comments.

– This sends a strong signal to all companies involved in commercial surveillance. There are serious repercussions to sharing personal data without a legal basis. We call for the digital advertising industry, which is responsible for tracking and profiling consumers on a massive scale, to make fundamental changes to respect consumers’ rights.

In 2020, the Norwegian Consumer Council filed a complaint against Grindr. It uncovering how the app collected and shared sensitive personal data about its users with several commercial third parties, who reserved the rights to share information onward with potentially thousands of further companies, in the service of targeting surveillance-based advertising.

Originally the DPA announced a preliminary fine of 100 million NOK against Grindr. This preliminary fine has now been reduced to 65 million NOK (6,42 million EUR) after the DPA received further arguments from the company. The case can now be appealed to the Norwegian Privacy Appeals Board (Personvernnemda).

Urges Grindr to make changes

The Norwegian Consumer Council has already requested that the DPA consider stronger sanctions by requiring Grindr to:

• Inform about which third parties have had access to personal data, and how this information may have been shared onward to further companies.
• Delete all personal data that has been illegally collected and ensure that third parties that have received the information do the same.
• Ensure that users are no longer exposed to sharing and spreading of personal data to other companies.

Although these points are not addressed in the final decision, the Norwegian Consumer Council now urges the company to clean up its act and ensure that illegally collected data is deleted by all the companies that may have received it.

– This information was illegally collected and must be considered as particularly sensitive as it concerns users’ sexual orientation. There should be strict requirements that the company must adhere to in order to ensure consumers’ fundamental right to privacy in the future, Myrstad says.

Call to ban surveillance-based advertising

The Norwegian Consumer Council has demonstrated that commercial actors are collecting and using personal data in irresponsible and illegal ways. The current “free-for-all” leaves consumers unaware of what information is collected, with whom that information is shared, and how it is used.

Last week, the Nobel Peace Prize laureate Maria Ressa took a strong stance against social media and the surveillance economy in her Nobel Lecture. Amongst other things, Ressa pointed to how commercial actors collecting and using personal data for commercial purposes contribute to the erosion of democracies and free will.

– Intimate knowledge of consumers’ preferences and when we are most receptive to manipulation is a threat not only to consumer- and privacy rights but may have dramatic consequences for society, Myrstad says.

– This is why we and a large group of consumer and human rights organizations from across Europe and the United States have call for a ban on surveillance-based advertising.