Norway’s Data Protection Authority Hit ‘Grindr’ With Huge GDPR Fine

Last updated June 28, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

The Norwegian Data Protection Authority has announced a large one-time administrative fine against Grindr today for violations of the GDPR (General Data Protection Regulation). The fine was set to 100 million NOK, which is €9,600,000 (about $11.65 million). The reason for it is that the popular dating app was confirmed to be collecting and sharing user data with advertisers without the user knowing about it or having provided their consent.

This practice was first discovered by the Norwegian Consumer Council back in January 2020, after the body investigated the reports of over twenty consumer and civil society organizations across the continent. A formal complaint was filed by the body against Grindr after it was confirmed that Twitter's MoPub, AT&T’s AppNexus, OpenX, AdColony, and Smaato, were all receiving sensitive user data from the app. This was a clear violation of the GDPR, so issuing a fine was just a matter of time.

As for what kind of data was collected and shared with advertisers, that would include GPS location data, device identifiers, and the very fact that users are members of a gay dating app. Since Grindr isn’t only active in Norway and didn’t follow the above practices in the Nordic country alone, the data protection offices from other EU-based countries may follow with similar fines shortly.

Monique Goyens, Director General of The European Consumer Organisation (BEUC), commented on the decision:

This is excellent news and sends a clear signal that it’s illegal to monitor consumers without their consent 24/7 to collect and share their data. The GDPR does have teeth, and consumer groups stand ready to act against those who break the law.

Finn Myrstad, director of digital policy in the Norwegian Consumer Council said:

This not only sets limits for Grindr but establishes strict legal requirements on a whole industry that profits from collecting and sharing information about our preferences, location, purchases, physical and mental health, sexual orientation, and political views.

The amount of the fine corresponds to 10% of Grindr’s global annual revenue, as provisioned by the GDPR, and the platform was given until February 15, 2020, to object to the decision or at least comment on it. Giving assurances to its sensitive community that these practices will not be continued in the future would be a step in the right direction at this moment.

Gay people are already dealing with much discrimination and social stigma even in progressive societies, so having a dedicated dating app betray that trust isn’t nice.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: