Grindr was fined NOK 65 million (approximately $6 million) by a Norwegian court after a thorough investigation revealed the company's unlawful sharing of sensitive user data with multiple commercial partners.
This landmark decision follows a 2020 complaint by the Norwegian Consumer Council (Forbrukerrådet), which uncovered how Grindr's data-sharing practices compromised user privacy.
The Norwegian Consumer Council initiated the complaint after discovering that Grindr, a popular dating app, had been collecting and sharing sensitive user information with numerous commercial entities. These third-party companies retained the right to further disseminate the data to potentially thousands of other firms, aiming to tailor advertisements to individual users. This practice was deemed a significant violation of user privacy and data protection laws.
Forbrukerrådet's director, Inger Lise Blyverket, hailed the court's decision as a crucial victory in safeguarding online consumer security. She emphasized that the ruling sends a strong message to companies engaged in commercial surveillance that the indiscriminate collection and distribution of personal data will not be tolerated. Blyverket further noted the broader implications of such data misuse, highlighting its potential to manipulate political outcomes and exploit vulnerable individuals.
Grindr, which markets itself as the world's largest social networking app for the LGBTQ+ community, has faced scrutiny for its data practices before. The app, which connects millions of users globally, collects a range of personal information, including location data, sexual orientation, and preferences. This sensitive data, when mishandled, poses significant risks to user privacy and safety.
The court's ruling was supported by findings from both the Norwegian Data Protection Authority (Datatilsynet) and the Privacy Appeals Board (Personvernnemnda), both of which confirmed that Grindr had breached the General Data Protection Regulation (GDPR). The GDPR, a stringent privacy and security law, governs data protection and privacy in the European Union and the European Economic Area, setting high standards for the handling of personal data.
This case underscores the urgent need for regulatory reforms in digital marketing practices. As Blyverket pointed out, the government is actively working on legislation to ban surveillance-based advertising. The Grindr case exemplifies the critical necessity for such structural changes to protect consumers from invasive and exploitative data practices.
The case is a good reminder for consumers to consider and implement various proactive measures to safeguard their online privacy. Users should:
- Regularly review and adjust privacy settings on apps and social media platforms.
- Limit the sharing of personal information to only what is necessary.
- Stay informed about how their data is being used and shared by service providers.
- Utilize tools and services that enhance online privacy, such as VPNs, tracker blockers, and ad-blockers.
Jeff Kane
Why not just fine and bankrupt them? They knew the rules!!
Who needs them?