The Norwegian Data Protection Authority said on Monday that it would fine Grindr, the world’s most popular gay dating app, 100 million Norwegian Kroner, or about $11.7 million dollars, for illegally disclosing private details about its users to advertising companies.
The Norwegian agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law. Among other companies, Grindr shared users’ private details with MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.
Tobias Judin, head of the Norwegian Data Protection Authority’s international department, said Grindr’s data-mining practices not only violated European privacy rights but also could have put users at serious risk in countries, like Qatar and Pakistan, where consensual same-sex sexual acts are illegal.
“If someone finds out that they are gay and knows their movements, they may be harmed,” Mr. Judin said. “We’re trying to make these apps and services understand that this approach — not informing users, not gaining a valid consent to share their data — is completely unacceptable.”
The fine comes one year after European nonprofit groups lodged complaints against Grindr and its advertising partners with data protection regulators. In tests last January, The New York Times found that the Android version of the Grindr app was sharing location information that was so precise, it pinpointed reporters on the side of the building they were sitting on. Last April, Grindr revamped its user consent process.
Grindr did not immediately return an email seeking comment. The company has until Feb. 15 to comment on the Norwegian agency’s ruling before it is finalized. The Norwegian agency said it was investigating whether the ad companies that received users’ details from Grindr had also violated European data protection law.
Privacy experts said the ruling would have wide repercussions beyond dating apps.
“This not only sets limits for Grindr,” said Finn Myrstad, the director of digital policy for the Norwegian Consumer Council, one of the groups that lodged the complaints, “but establishes strict legal requirements on a whole industry that profits from collecting and sharing information about our preferences, location, purchases, physical and mental health, sexual orientation and political views.”