Grindr Fined €6.5m for Selling User Data Without Explicit Consent

Grindr Fined €6.5m for Selling User Data Without Explicit Consent

Dating app Grindr has been fined €6.5m (£5.5m) for selling user data to advertisers without their explicit consent.

The fine was issued by the Norwegian Data Protection Authority (DPA) for “grave” infringements of GDPR rules. This was because Grindr shared highly sensitive ‘special category’ data with third parties without users' explicit consent, which is a requirement under the regulation. This includes GPS location, IP address, advertising ID, age and gender. Additionally, the third parties knew the user was on Grindr, a dating app for gay, bi, trans and queer people, meaning their sexual orientation data was exposed.

Users were forced to agree to the company’s privacy policy without being asked specifically if they consented to the sharing of their data for behavioral purposes.

Tobias Judin, head of the Norwegian DPA’s international department, explained: "Our conclusion is that Grindr has disclosed user data to third parties for behavioral advertisement without a legal basis."

The €6.5m penalty is the largest fine issued by the Norwegian data protection authority. However, this figure was reduced from £8.6m after Grindr provided details about its financial situation and had changed permissions on its app. However, the regulator added that it has not

Read More: https://www.infosecurity-magazine.com/news/grindr-fined-user-data-explicit/