Grindr will be fined NOK 100 million, or about $ 11.7 million, by the Norwegian Data Protection Authority for illegally sharing private information about Grindr users to advertisers, according to The New York Times.
Last January, the Norwegian Consumer Council filed three complaints against Grindr for sharing personal information, including the location of users and information about the device they were using, with advertisers. (One of these advertisers was MoPub, Twitter’s mobile ad company.) Associating this information with an individual could indicate that person’s sexual orientation without their consent, and the Norwegian Data Protection Authority is now taking action against Grindr because of this practice.
Grindr has until February 15 to comment on the decision of the Norwegian Data Protection Authority.
“We continually improve our privacy practices considering the evolution of privacy laws and regulations and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority,” said Bill Shafton, VP of business and legal affairs at Grindr in a statement The The Verge.
The application is not particularly known for taking great care of the security of its users. Grindr was caught exposing users’ HIV status to two other companies in April 2018, which the company stopped doing. And with a particularly bad vulnerability, which we wrote about in October, anyone who knew your email address could access your account.
Grindr has a new owner after a U.S. government committee expressed national security concerns about the app – it was sold by its Chinese owners to the San Vicente Acquisition investor group in March 2020.