Gay dating app hit with $7mn fine for data breach

Grindr, an LGBT+ online dating application, has been fined around $7.14 million by the Norwegian regulator for not complying with the data protection rules on consent.

On Wednesday, Norway's Data Protection Authority (DPA) gave Grindr a 65 million Norwegian crown ($7.14 million) fine, reduced from the original 100 million crown punishment handed down in January.

The DPA said that the decision to reduce the fine to 65 million crowns came in light of new information on the company's finances, as well as changes Grindr has made “to remedy the deficiencies in their previous consent-management platform.”

However, the DPA concluded that the LGBT+ dating app had failed to comply with General Data Protection Regulation (GDPR) laws by disclosing user data to advertisers without valid consent.

“Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis,” the head of the DPA's international department, Tobias Judin, said in a statement.

The DPA said that consent collected by Grindr between July 2018 and April 2020 for the use of private data did not allow it to share data with advertisers.

According to a report from the Norwegian Consumer Council (NCC) in January 2020, the data shared by Grindr included details such as users' IP addresses, GPS locations, ages, and genders.

The reports added that sharing such data could be a matter of physical safety in countries where homosexuality is prohibited.