The Norwegian Privacy Appeals Board (Personvernnemnda) has upheld the Norwegian Data Protection Authority’s decision to impose a fine of NOK 65 million (approximately €5.8 million) on the widely-used dating app, Grindr.
This landmark decision roots back to 2020 when the Norwegian Consumer Council (NCC) filed a complaint further to the publication of the “Out of Control” report. The report had served as an eye-opener as it detailed how Grindr indiscriminately shared users’ intimate data with a plethora of commercial entities. These third parties had the autonomy to further distribute the information to an expansive network of companies, primarily for tailoring surveillance-driven advertisements.
The NCC alleged that Grindr breached the General Data Protection Regulation (GDPR) through these practices.
This update provides a comprehensive overview of the latest developments in the Grindr-Datatilsynet case, reflecting the ongoing debate over GDPR interpretation and enforcement in the digital landscape.
Throughout the proceedings, the Norwegian Data Protection Authority also noted that Grindr had not obtained valid consent to share the personal data in question.
🗣 Personvernnemnda also upheld this and highlighted that:
“the user was not given a free choice to consent to the disclosure of personal data during registration in the app, and that the relevant information about data sharing was only included in the privacy policy.”
following which, it upheld the Norwegian Data Protection Authority’s decision to fine Grindr.
🗣 Finn Myrstad, the Director of Digital Policy at the NCC, emphasized the gravity of the situation in a press release:
“Surveillance-based advertising, where companies collect and share personal data for commercial purposes, is entirely unchecked. We applaud the Norwegian Data Protection Authority’s determination in addressing our grievance and the subsequent validation by the Norwegian Privacy Appeals Board, underscoring that Grindr’s sharing of sensitive data with third-party entities is indeed unlawful.”
Recognizing the potential implications, the NCC, accompanied by a consortium of consumer and human rights organizations from Europe and the US, has advocated for the outright prohibition of surveillance-oriented advertising.
The Grindr case is more than just a hefty fine. It serves as a timely reminder of the immense responsibilities companies shoulder in the digital age. With stricter regulations and an increasingly vigilant consumer base, compliance with data protection norms is non-negotiable.
For businesses navigating these complex legal waters, tools, and services that ensure GDPR compliance are indispensable. It’s not merely about avoiding fines but fostering trust with your user base.
With a vast landscape of data protection regulations and their intricate nuances, ensuring complete compliance can be daunting.
At iubenda, we offer a suite of solutions designed to simplify this process. From privacy policies to cookie management, our tools are crafted to help you maintain transparency and stay aligned with evolving regulations.