Norwegian DPA intends to fine Grindr

26. January 2021

The Norwegian Data Protection Authority “Datatilsynet” (in the following “DPA”) announced recently that it intends to fine the online dating provider “Grindr LLC” (in the following “Grindr”) for violations of the GDPR an administrative fine of € 9.6 Mio. (NOK 100 Mio.).

Grindr is a popular and widely used Dating App for gay, bi, trans and queer people and uses a location-based technology to connect the users. Thus, Grindr processes beside personal data also sensitive data like the sexual orientation of the users. The latter are subject to a high level of protection due to the requirements of the GDPR.

The DPA came to the conclusion that Grindr transferred personal data of its users to third parties for marketing purposes without having a legal basis for doing so. In particular, Grindr neither informed the data subjects in accordance with the GDPR nor have obtained consent from the concerned data subject. Datatilsynet considers this case as serious, because the users were not able to exercise real and effective control over the sharing of their data.

Datatilsynet has set a deadline of February 15th, 2021 for Grindr to submit its comments on the case and will afterwards make its final decision.

Category: Data Protection · GDPR · General Data Protection Regulation · Personal Data
Tags: , , , ,