Grindr fined $10m for ‘grave’ GDPR violations by Norwegian privacy watchdog

UPDATED Grindr, the popular LGBT dating app, has been fined €10 million ($12 million) for GDPR violations by Norway’s data privacy regulator because sensitive user data was apparently shared with third parties without valid consent.

The preliminary ruling issued by the Norwegian Data Protection Authority (Datatilsynet) centers on the fact that users had to accept a blanket privacy policy to use the app and were not given a separate opportunity to grant or withhold consent to sharing their data with third parties.

Users were also not properly informed about how the data was shared, said the Datatilsynet. The data shared included GPS location and user profile data such as sexual orientation.

Datatilsynet director-general Bjørn Erik Thon said these were “grave violations” of GDPR requirements around valid consent and added that it was “imperative” that such “take-it-or-leave-it consents” should “cease”.

‘Safe space’

“We believe that the fact that someone is a Grindr user speaks to their sexual orientation, and therefore this constitutes special category data that merit particular protection,” the Datatilsynet said in a press release issued yesterday (January 26).

Grindr is seen as a safe space, and many users wish to be discreet. Nonetheless, their data have been shared with an unknown number of third parties, and any information regarding this was hidden away – Datatilsynet director-general Bjørn Erik Thon

Said Thon: “Users were not able to exercise real and effective control over the sharing of their data.

“Business models where users are pressured into giving consent, and where they are not properly informed about what they are consenting to, are not compliant with the law.”

Ezat Dayeh, SE manager at data management vendor Cohesity, told The Daily Swig: “It is ironic timing that this matter becomes public 24 hours before Data Privacy Day.

“Organizations of all sizes need to be more accountable and deliver greater trust in how they handle consumer data in exchange for more tailored services or commercial gain. The relationship between consumer and brand only works when trust is in place,” he adds.

“From a compliance perspective on privacy, GDPR was merely the start, not the end goal.”

Record-breaking fine

Grindr is marketed as the world’s most popular location-based social networking app for gay, bi, trans, and queer people with 13.7 million active users.

The penalty amounts to around 10% of the company’s worldwide revenues and, if confirmed, will be the highest GDPR fine ever levied by the Datatilsynet.

Grindr has until February 15 to respond to the ruling before a final decision is made.

The investigation, which stems from a complaint filed against Grindr by the Norwegian Consumer Council in 2020, centers on consent mechanisms in place on the app until April 2020.

Datatilsynet said it had not yet assessed whether subsequent changes made to Grindr’s privacy policy were GDPR-compliant.

The Norwegian Consumer Council also filed complaints against five third parties that received data from Grindr for marketing purposes: Twitter-owned MoPub, Xandr, OpenX Software, AdColony, and Smaato.

The Daily Swig has contacted Grindr for comment on the ruling and will update the article accordingly if we receive a response. 

This article was updated on January 27 with comments from Ezat Dayeh of Cohesity

Source: https://portswigger.net/daily-swig/grindr-fined-10m-for-grave-gdpr-violations-by-norwegian-privacy-watchdog
