Grindr, which claims to be “the world’s largest social networking app for gay, bi, trans, and queer people”, is accused of sharing its users’ GPS coordinates, user profile data and the fact that the user is on Grindr, for marketing purposes.
“Our preliminary conclusion is that Grindr has shared user data to a number of third parties without legal basis,” Data Protection Authority director general Bjørn Erik Thon said in a statement.
According to the authority, this violates the European Union’s GDPR, or data protection rules, on valid consent that were introduced in May 2018.
The authority therefore decided to notify Grindr that it will be fined around 10 percent of its global turnover, or about $10 million, an unprecedented fine in the Nordic country.
The Norwegian Consumer Council, which had filed the initial legal complaint against Grindr, hailed the announcement as a “historic victory for privacy.”
Grindr has until February 15th to challenge the decision.
The wrongdoing it is accused of took place before April 2020, when the app changed its user consent terms.
In January 2020, the Norwegian Consumer Council filed legal complaints against Grindr and five other apps, including Twitter-controlled MoPub, for violating personal data protection rules.
The other complaints are still being examined, the Data Protection Authority said.