The Norwegian Data Protection Authority (NDPA announced Monday the gay dating app Grindr would be fined 100 million Norwegian Kroenr (approximately $11.6 million) for illegally selling users' personal private information to third party advertisers. The fine represents an estimated ten percent of the company’s European revenue, and an estimated third of their net profits.
“Our preliminary conclusion is that Grindr has shared user data to a number of third parties without legal basis,” Bjørn Erik Thon, director-general of the NDPA, said in a statement noting that users of the free version of the app had to upgrade to the paid version to obtain privacy protections guaranteed to all users by law. “Business models where users are pressured into giving consent, and where they are not properly informed about what they are consenting to, are not compliant with the law.”
The proposed fine is large because of the seriousness of the violations. Sexual orientation is given extra protections under the GDPR, and cannot be provided to third parties without the users’ freely-given consent. The NDPA found that since Grindr is a gay dating app, any data associating a user with the app would reveal their sexual orientation and is therefore subject to these special protections.
The company has h