Regulators in Norway intend to fine Grindr $AUD15 million over the company’s allegedly illegal user data-sharing practices.
The Norwegian Data Protection Authority (NDPA) accused the company of sharing users’ personal data from the app’s free version with third party advertisers without valid consent.
The data the company shared included “GPS location, user profile data and the fact that the user in question is on Grindr,” the agency alleges.
Grindr identifying users as LGBTIQ without obtaining their explicit consent would violate European data protection law, the NDPA explain.
“Grindr needs consent to share this personal data and [we conclude] Grindr’s consents were not valid,” the agency said.
“Additionally, we believe that the fact that someone is a Grindr user speaks to their sexual orientation.
“[Sexual orientation] constitutes special category data that merits particular protection.”
But NDPA director-general Bjørn Erik Thon alleges that Grindr did not grant that protection. Users couldn’t exercise “real and effective” control over Grindr’s sharing of their data.
The NDPA also alleges the app did not “properly communicate” information about the data sharing with users.
“Business models that do not properly inform users about what they are consenting to, are not compliant with the law,” Thon said.
He noted that many Grindr users may wish to be discreet. However Grindr may have shared their data “with an unknown number of third parties”.
“Any information regarding this was hidden away,” he said.
“Our view is that these people have had their personal data shared unlawfully.”
Grindr responds to data-sharing allegations
The NDPA said it has notified Grindr LLC it intends to fine the company 100 million Norwegian krone (just over $AUD15 million).
The agency said the company must respond by February 15 before the agency makes its final decision.
Last January, the Norwegian Consumer Council and other non-profit groups complained to Grindr about its data sharing practices with advertisers.
The company later made changes to how the app asks for user’s consent in April 2020.
A Grindr spokesperson told the New York Times it had obtained “valid legal consent from all” of its users in Europe on multiple occasions.
The company is confident its “approach to user privacy is first in class” among apps of its kind, they said.
“We continually enhance our privacy practices in consideration of evolving privacy laws and regulations,” the spokesperson said.
“[We] look forward to entering into a productive dialogue with the Norwegian Data Protection Authority.”
What information does the app share with advertisers?
In a lengthy blog post this week, Grindr’s Chief Privacy Officer Shane Wiley also addressed the controversy around advertising.
Wiley said the app “shares only the most basic information — which users largely control — and nothing about a user’s Grindr account details.”
“There is nothing from within a user’s account details that is shared with an ad partner. Full stop,” he said.
He added, “We do NOT share precise location data with advertisers.
“Grindr’s ad partners can leverage a device’s IP Address to get a general sense of where the user is in the world.
“But accuracy drops sharply below city level detail.”
Wiley also explained, “We share the basics and only the basics: the mobile advertising ID (MAID) of the device, IP Address, and device details.
“[We use] MAIDs to track which ads are seen and clicked on in a way not associated with a user’s personal information.
“We approach advertising policy globally so any Grindr user across the planet can rest assured that the details above are the same for them.”
For the latest lesbian, gay, bisexual, transgender, intersex and queer (LGBTIQ) news in Australia, visit qnews.com.au. Check out our latest magazines or find us on Facebook, Twitter, Instagram and YouTube.