Grindr Fined by Norway for Sharing Highly Personal User Data With Advertisers
Dating app Grindr is facing a more than US$10 million-fine in Norway for sharing with advertisers deeply personal user information, without users’ consent. The data shared included users’ locations and dating profiles. The manner in which such data was shared for marketing, tracking, and behavioral profiling purposes, the Norwegian Consumer Council (NCC) outlined in a report released last year, was “out of control,” and was done in violation of European privacy laws.
Since the release of the report, Grindr has responded with changes in their privacy and consent policies, which the Norwegian Data Protection Authority says “has not mitigated our concerns regarding the lawfulness of Grindr’s personal data sharing with advertising partners,” they told the dating app in a recent notice. In response, the authority has decided to take action against Grindr. The company is required to submit comments by February 15, which is when the authority will announce a final penalty.
“Grindr markets itself as the world’s largest social networking app for gay, bi, trans, and queer people,” the authority writes in the notice issued to Grindr, but does not “take adequate responsibility as a controller of any personal data collected and shared through its services.”
First, the app states it does “not control the use of these tracking technologies,” and instead asks users to go read the privacy policies of the third parties with whom Grindr shares data, such as Twitter’s MoPub, Xandr, OpenX Software Ltd., AdColony Inc., and Smaato Inc. The authority expresses concerns over any individual user’s ability to track down and understand the privacy policies of such third-party companies with whom they have no interaction.
Related on The Swaddle:
And third, Grindr’s current practices can put on a target on their users’ backs, putting them in danger. In sharing user profiles with advertisers, the notice says, “Grindr discloses information about the data subject and that he or she belongs to a sexual minority.” And as long as discrimination against sexual minorities is a given in most countries around the world, Grindr’s policy “could put the data subject’s fundamental rights and freedoms at risk.” We already see this happening around the world, including in India — people are using Grindr to lure gay men for sex and extort them; racketeers are using the app to blackmail corporate CEOs; even governments are using the app to arrest gay men for “debauchery.” In a climate that is especially dangerous for queer people, an app that promises connection to them also needs to prioritize their safety, a commitment that Norwegian authorities have found severely lacking in Grindr’s ethos.
In welcoming the current fine, NCC’s director of digital policy, Finn Myrstad, tells the AP, “We hope that this marks the starting point for many similar decisions against companies that engage in buying and selling personal data.”