The Norwegian Data Protection Authority has notified Grindr LLC of its intention to issue a fine of NOK 100,000,000 (around £8.6m / €9.6m) for failing to comply with its obligations under the GDPR. This follows a complaint by the Norwegian Consumer Council against Grindr in 2020, for sharing personal data without a lawful basis for marketing purposes. The fine equates to around 10% of its turnover.
Grindr has until 15 February to respond to the decision.
Special categories of personal data, such as data concerning sexual orientation, merit specific protection under the GDPR. Grindr received these data from data subjects who wanted to join a dating app or a social networking app, with the opportunity to connect with others in the LGBTQ community within close range. The further disclosure of the data without clear information and the data subjects’ prior consent has breached the data subjects’ trust and violated their fundamental rights. Furthermore, misuse of data concerning sexual orientation could lead to discrimination against the data subject. Grindr also shared these data alongside the users’ exact GPS location, which further adds to the gravity of the infringements.