News
π³π΄ Sharing data without a legal basis!
π³π΄ Norway: Dating App Fined for Illegal Disclosure of User Data π³π΄
The dating app Grindr, dedicated to gay, bi, trans, and queer individuals, with 13.7 million users, has been fined €6.5 million in Norway for illegally sharing user data for advertising purposes.
Facts:
Grindr was collecting and sharing personal data, including:
- π GPS Location
- π± IP Address and Phone Information
- π Age
- π³οΈπ Sexual Orientation
Violation of Article 9 of the GDPR: Sensitive Data
Data concerning a person’s sexual orientation constitutes sensitive data.
Article 9 of the GDPR prohibits its processing unless one of the following conditions is met:
- Explicit consent from the individual concerned.
Grindr did not properly inform its users that it was collecting and sharing their data without a legal basis, violating Article 6 of the GDPR.
Lack of Transparency:
- Information about the sharing of personal data was not communicated clearly to users.
- The Norwegian Authority concluded:
- The collected consent was invalid.
- Being identified as a Grindr user strongly indicated an individual’s sexual orientation, requiring special protection under the GDPR.
Consequences:
- π° Administrative Fine: €6.5 million.
- π’ Public Decision: Significant reputational impact for Grindr.
π§ Best Practices for GDPR Compliance
To avoid such penalties, companies must:
- π Protect Sensitive Data: Obtain explicit consent before processing data related to sexual orientation.
- π Ensure Transparency: Clearly inform users about how their data is processed and shared.
- β Verify Consent Validity: Consent must be free, specific, informed, and unambiguous to comply with the GDPR.
- π« Limit Data Sharing: Avoid sharing sensitive data with third parties without a solid legal basis.