Grindr faces a 10 million euro fine in Europe for failing to ask for explicit consent when sharing data

Grindr, a dating app for gay, bisexual, transgender and queer people, faces a fine of 10 million euros on behalf of the General Data Protection Regulation of Europe. Specifically, the Norwegian data protection agency has notified those responsible for the app of its intention to impose this fine.

In 2020, the Norwegian Consumer Council filed a complaint against Grindr claiming that you illegally shared personal data with third parties for marketing purposessuch as GPS location and user profile data. Following this complaint came an investigation that has concluded that this allegation could be true, according to the Norwegian Data Protection Authority, also known as Datatilsynet.

Users "do not exercise real control over the sharing of their data"

“We have notified Grindr that we intend to impose a large fine, as our findings suggest serious violations of the GDPR," said Bjørn Erik Thon, CEO of Datatilsynet. "Grindr has 13.7 million active users, of which thousands reside in Norway. Our opinion is that these people have shared their personal data illegally ”.

It is not that the application shares the information secretly but that for the Norwegian authorities, the problem is that users “could not exercise real control and effective on the sharing of their data ”since Grindr“ pressures users to give their consent without properly informing them of what they are consenting to ”.

Grindr, the "Tinder Gay", has been sharing data about its users, including HIV status, with other companies

That is to say Grindr obliges users to accept the entire privacy policy to use the service, without asking them specifically if they accept to give their consent when sharing the data with third parties, and that violates European data protection legislation.

On the company's blog, its spokespersons have not yet published anything about this notification from the Nordic country. Keep in mind that the sanction is not yet final: Grindr has until February 15 to present submissions before the final decision is issued.

It should be remembered that the Chinese company Beijing Kunlun Tech Co Ltd, which owned Grindr since 2016, sold almost the entire company to San Vicente Acquisition LLC, a consortium of investors, in March 2020. The decision was made because the government of Donald Trump forced Kunlun to sell the social network in order to "guarantee national security". This is not the first time that this firm has been involved in security and privacy problems.

Fines of up to 20 million euros according to European legislation

The European regulation in this regard allows impose fines of up to 4% of a company's global annual sales or up to € 20 million (whichever is greater).

There are other ecompanies being investigated in Norway for the same case: there are five firms to which Grindr gives this data. MoPub (owned by Twitter), Xandr Inc. (formerly AppNexus Inc.), OpenX Software Ltd., AdColony Inc. and Smaato Inc.