Norway’s Data Protection Authority (DPA) has handed dating app Grindr a reduced 65 million Norwegian crown ($7.14 million) fine over illegal disclosure of user data to advertisers, saying the company had moved to address issues regarding its practices.
The DPA’s initial plan last January was to fine Grindr 100 million crowns, but it said on Wednesday that it had reduced the amount because of new information on the company’s finances and changes Grindr has made “to remedy the deficiencies in their previous consent-management platform”.
U.S.-based Grindr, which describes itself as the world’s largest social networking app for lesbian, gay, bisexual, transgender and queer people (LGBTQ+), said it still strongly disagreed with the decision.
“Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis,” Tobias Judin, head of the DPA’s international department, said in a statement.
He said the agency, also known as Datatilsynet, concluded that user consent collected by Grindr between July 2018 and April 2020 for the use of private data was not valid.
Grindr said it was considering lodging an appeal of the decision.
Europe’s General Data Protection Regulation (GDPR) sets guidelines for the collection, processing and sharing of personal information in the European Union as well as in non-EU Norway.
The Norwegian Consumer Council (NCC) watchdog said in a January 2020 report that Grindr shared detailed user data with third parties involved in advertising and profiling. The data included details such as users’ IP addresses, GPS locations, age and gender.
In some cases, widespread sharing of personal data can become a matter of physical safety if users are located and targeted in countries where homosexuality is illegal, the NCC said at the time.