News

🇳🇴 Norway: Dating App Fined for Illegal Disclosure of User Data 🇳🇴

The dating app Grindr, dedicated to gay, bi, trans, and queer individuals, with 13.7 million users, has been fined €6.5 million in Norway for illegally sharing user data for advertising purposes.

Facts:

Grindr was collecting and sharing personal data, including:

• 📍 GPS Location
• 📱 IP Address and Phone Information
• 📊 Age
• 🏳️‍🌈 Sexual Orientation

Violation of Article 9 of the GDPR: Sensitive Data

Data concerning a person’s sexual orientation constitutes sensitive data.
Article 9 of the GDPR prohibits its processing unless one of the following conditions is met:

• Explicit consent from the individual concerned.

Grindr did not properly inform its users that it was collecting and sharing their data without a legal basis, violating Article 6 of the GDPR.

Lack of Transparency:

• Information about the sharing of personal data was not communicated clearly to users.
• The Norwegian Authority concluded:
• The collected consent was invalid.
• Being identified as a Grindr user strongly indicated an individual’s sexual orientation, requiring special protection under the GDPR.

Consequences:

• 💰 Administrative Fine: €6.5 million.
• 📢 Public Decision: Significant reputational impact for Grindr.

🔧 Best Practices for GDPR Compliance

To avoid such penalties, companies must:

• 🔒 Protect Sensitive Data: Obtain explicit consent before processing data related to sexual orientation.
• 📄 Ensure Transparency: Clearly inform users about how their data is processed and shared.
• ✅ Verify Consent Validity: Consent must be free, specific, informed, and unambiguous to comply with the GDPR.
• 🚫 Limit Data Sharing: Avoid sharing sensitive data with third parties without a solid legal basis.