The Norwegian Data Protection Authority has notified Grindr LLC of its intention to issue a fine of NOK 100,000,000 (around £8.6m / €9.6m) for failing to comply with its obligations under the GDPR.  This follows a complaint by the Norwegian Consumer Council against Grindr in 2020, for sharing personal data without a lawful basis for marketing purposes. The fine equates to around 10% of its turnover.

The 28 page notification, which is preliminary, states that users were forced to 'accept' the app's privacy policy, and consent was not obtained for sharing users' personal data with third parties.  The notification states the result of this was that special categories of personal data (i.e. sensitive personal data) were shared with third party advertisers.  The DPA stated that sharing a user's non-sensitive information alongside the app name allows the inference to be drawn that they are likely to be a gay man, and so Article 9 GDPR is engaged because that information qualifies as “data concerning a natural person’s […] sexual orientation”.

Grindr has until 15 February to respond to the decision.