Grindr’s £8.5m fine slashed despite illegally sharing users’ data in worrying breach

Grindr fined £5 million in Norway data breach

Grindr has been fined 65 million Norwegian crown (around £5 million) after a huge data breach.

The dating app was fined by Norway’s Data Protection Authority (DPA) for illegally sharing detailed user data with third party advertisers, including users’ IP addresses, GPS locations, age and gender.

At the time the original fine was issued, the head of the DPA’s international department, Tobias Judin, said the fact that Grindr is an LGBT+ app makes the breach all the more serious.

“If someone finds out they are gay and knows their movements, they may be harmed,” he said in January.

“We’re trying to make these apps and services understand that this approach – not informing users, not gaining a valid consent to share their data – is completely unacceptable.”

The DPA said at the time it would fine the company 100 million crowns (around £8 million).

However, on Wednesday (15 December) it confirmed that the fine was reduced due to changes Grindr has made “to remedy the deficiencies in their previous consent-management platform”. 

Judin said in a statement: “Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis.”

In a January statement to the New York Times, a spokesperson for Grindr said the company had obtained “valid legal consent from all” of its users in Europe on multiple occasions and was confident that its “approach to user privacy is first in class” among social apps.

The company added: “We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority.”

The dating app now has the right to appeal the DPA’s decision within three weeks.

PinkNews has approached Grindr for comment on these latest developments.