This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
viewpoints
Welcome to Reed Smith's viewpoints — timely commentary from our lawyers on topics relevant to your business and wider industry. Browse to see the latest news and subscribe to receive updates on topics that matter to you, directly to your mailbox.
| less than a minute read

Grindr facing potential €10m fine

The Norwegian Data Protection Authority has notified Grindr LLC of its intention to issue a fine of NOK 100,000,000 (around £8.6m / €9.6m) for failing to comply with its obligations under the GDPR.  This follows a complaint by the Norwegian Consumer Council against Grindr in 2020, for sharing personal data without a lawful basis for marketing purposes. The fine equates to around 10% of its turnover.

The 28 page notification, which is preliminary, states that users were forced to 'accept' the app's privacy policy, and consent was not obtained for sharing users' personal data with third parties.  The notification states the result of this was that special categories of personal data (i.e. sensitive personal data) were shared with third party advertisers.  The DPA stated that sharing a user's non-sensitive information alongside the app name allows the inference to be drawn that they are likely to be a gay man, and so Article 9 GDPR is engaged because that information qualifies as “data concerning a natural person’s […] sexual orientation”.

Grindr has until 15 February to respond to the decision.

Special categories of personal data, such as data concerning sexual orientation, merit specific protection under the GDPR. Grindr received these data from data subjects who wanted to join a dating app or a social networking app, with the opportunity to connect with others in the LGBTQ community within close range. The further disclosure of the data without clear information and the data subjects’ prior consent has breached the data subjects’ trust and violated their fundamental rights. Furthermore, misuse of data concerning sexual orientation could lead to discrimination against the data subject. Grindr also shared these data alongside the users’ exact GPS location, which further adds to the gravity of the infringements.

Tags

entertainment & media, data protection, gdpr, grindr, tech & data

Latest Insights