Norway’s Data Protection Authority said on Tuesday it planned to fine dating app Grindr 100 million Norwegian crowns ($11.7 million) for what the regulator said was illegal disclosure of user data to advertising firms.
U.S.-based Grindr, which describes itself as the world’s largest social networking app for gay, bisexual, transgender and queer people, said the allegations dated back to 2018 and no longer reflected its current privacy policy or practices.
“Our preliminary conclusion is that the breaches are very severe,” the Norwegian agency said in a statement announcing what it said was a record fine corresponding to around 10% of Grindr’s estimated global annual revenue.
Grindr has until Feb. 15 to respond to the claims, after which the Data Protection Authority will make its final decision in the case, the agency said.
“We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority,” a company spokesperson said in an emailed statement to Reuters.
Europe’s General Data Protection Regulation (GDPR) sets guidelines for the collection, processing and sharing of personal information in the European Union as well as in non-EU Norway.
The Norwegian Consumer Council (NCC), a watchdog, said in a January 2020 report that Grindr shared detailed user data with third parties involved in advertising and profiling, such as a user’s IP address, advertising ID, GPS location, age and gender.
In some cases, widespread sharing of personal data can become a matter of physical safety if users are located and targeted in countries where homosexuality is illegal, the NCC said at the time.
In a statement on Tuesday, the NCC hailed the decision to fine Grindr as a historic victory for privacy.
($1 = 8.5760 Norwegian crowns)