Grindr is being fined for $11.7 million?
The Norwegian Data Protection Authority is the organization that filed the fine of 100 million Norwegian Kroner (approximately $11.7 million), according to The New York Times. The organization announced Monday that Grindr illegally sold users’ personal private information to third-party advertisers. As for why 100 million Norwegian Kroner, it’s because that’s ten percent of the company’s European revenue and an estimated third of Grindr’s net profits.
“Our preliminary conclusion is that Grindr has shared user data to a number of third parties without legal basis,” Bjørn Erik Thon, director-general of the NDPA, said in a statement. “Business models where users are pressured into giving consent, and where they are not properly informed about what they are consenting to, are not compliant with the law.”
Thon also noted that users had to upgrade to the optional paid version in order to get privacy protections that should be guaranteed under privacy law standards. Tobias Judin, head of the Norwegian Data Protection Authority’s international department, added that Grindr’s data-mining practices not only violated European privacy rights but also risks endangering users in countries with anti-gay laws.
“If someone finds out that they are gay and knows their movements, they may be harmed,” Judin told the NY Times. “We’re trying to make these apps and services understand that this approach — not informing users, not gaining a valid consent to share their data — is completely unacceptable.”
“This is a milestone in the ongoing work to ensure that consumers’ privacy is protected online,” Finn Myrstad, director of digital policy in the Norwegian Consumer Council, said in a statement about the ruling. “The Data Protection Authority has clearly established that it is unacceptable for companies to collect and share personal data without user´s permission.”
“This not only sets limits for Grindr,” Myrstad added, “but establishes strict legal requirements on a whole industry that profits from collecting and sharing information about our preferences, location, purchases, physical and mental health, sexual orientation and political views.”
In a statement, a Grindr spokesperson claimed the company had obtained “valid legal consent from all” of its users in Europe on multiple occasions and boasted a first-class approach to user privacy.
“We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority,” Bill Shafton, Grindr’s VP of business and legal affairs, said in a statement to The Verge.
Grindr has until February 15 to officially comment on the ruling before it is final.