Recently the Norwegian regulator found that a location-based dating app Grindr was sharing personal information with the advertisers without any consent from users. Advertisers are using users’ personal information for behavioral advertisement. The Norwegian Data Protection Authority (DPA) claimed that using users’ data without seeking explicit consent is against GDPR rules.
The dating app for the LGBTQ community Grindr has been fined €6.5m. Initially, the amount of fine was £8.6m. After making some changes in-app and providing details about the financial situation of the company, the authority has considered reducing the number of fines.
The head of the Norwegian Data Protection Authority’s (DPA) international department Tobias Judin said, “Our conclusion is that Grindr has disclosed user data to third parties for behavioral advertisement without a legal basis.”
Some sensitive data including GPS location, IP address, and advertising ID were shared with third parties. The app company even shared the age, gender, and all the fact that confirm that the user was on Grindr. Under GDPR rules, data about a person’s sexual orientation constitutes special category data. That’s why the authority has issued the largest number of fines. The regulatory body has considered the infringements to be “grave”.