Grindr Fined Over Six Million Euros for Privacy Violations

The Norwegian data protection agency (Datatilsynet) has fined Grindr €6.3 million, or approximately $7.16 million, for sharing user data with third party companies without user consent. The GDPR violation was considered a “grave” infringement because the information shared with third parties—mainly online advertisers—included highly sensitive personal data such as sexual orientation. Users signing up for the app had been forced to “agree” to the company’s privacy policy but had not been specifically asked if they consented to data sharing for behavioral advertising purposes. The penalty is the largest GDPR fine issued by Datatilsynet to date. Grindr now has three weeks to determine whether to appeal the fine. EPIC has long fought for the privacy of social media users and previously filed an amicus brief in Herrick v. Grindr LLC, a case regarding Grindr’s refusal to respond to harassment perpetuated through the platform which led to physical assault and threats.