Norway has announced its intention to fine Grindr €10 million (£8.5 million) for violating aspects of GDPR.
The fine would equal 10 per cent of the dating app’s annual turnover.
The country’s data agency, known as Datatilsynet, issued a statement Tuesday saying that Grindr shared user data without consent to advertising companies.
‘Grindr is seen as a safe space, and many users wish to be discrete. Nonetheless, their data have been shared with an unknown number of third parties, and any information regarding this was hidden away,’ said Bjorn Erik Thon, director-general of Norwegian Data Protection Authority (DPA).
The data shared include GPS location, user profile data, and the fact that the user in question is on Grindr, the authority said.
Norway’s decision is not yet a final one – although it’s unlikely to alter the amount of the fine. The DPA will issue its draft decision to Grindr, which will have until February 15 to give its side of the story.
‘We will make our final decision once we have assessed any remarks the company may have,’ Datatilsynet announced.
Ray Walsh, a digital privacy expert at ProPrivacy, said: ‘While it is good to see Norway’s data protection authority stepping in to issue a fine, the reality is that hitting the service with a fine does nothing to protect Grindr users whose data was already sold on to third-parties.
‘Sharing personally identifiable information, including location data about Grind users with third parties has the potential to cause great harm to users living in high-risk locations where being potentially outed by poor privacy controls could lead to prosecution.
‘We can now hope that the impact of this fine will be enough to make Grind change its business practices not just in the EU but globally.’