GDPR: Grindr is fined €10M by Norwegian DPA for GDPR consent violations

The US-based company Grindr has 13.7 million active users, of which thousands reside in Norway.

Grindr is being fined €10M by Norwegian data protection authorities because of sharing user data to the advertisers through Twitter's mobile advertising product MobPub without collecting and manage consent.

The Norwegian data protection authorities ruling against Grindr comes a year since the Norwegian Consumer Council (NCC) began scrutinizing the "out of control" advertising industry and its user profiling policies.

GDPR allows for fines to scale up to 4% of global annual turnover or up to €20M, whichever is higher.

In this case, Grindr is on the hook for around 10% of its annual revenue, per the DPA. The sanction is not yet final. Grindr has until February 15 to submit a response before the Datatilsynet issues a final decision.

The data shared by Grindr illegally with advertisers includes user location, sexual orientation.

Under the GDPR, user's personal data may be legally shared if you obtain their consent to do so. But there is a set of clear standards of consent: must be informed, specific and freely given.

Grindr's users were forced to accept the privacy policy in its entirety. Explicit consent and privacy options are not allowed and not collected.

The commonly seen 'Forced consent' is not validate consent under GDPR.

Twitter's mobile advertising product MobPub is also involved in illegal data sharing without consent.

About UniConsent

UniConsent is a part of Transfon User Experience Platform serve tens of millions of users per day to provide a seamless experience for both users and publishers in the age of post GDPR. Behind Transfon, it is a group of performance and user experience experts. Contact us to know more: hello@uniconsent.com