Grindr Disclosure of Private User Data: Norway Seeks $11.7M in Data Breach Fines

The European Union (“EU”) is fining Grindr, a popular dating application, for about $11.7 million for alleged illegal disclosure of its users’ private details.  According to the Norwegian Data Protection Authority, Grindr disclosed private details about its users to advertising companies, violating many of the European Union’s privacy laws, which are considered to be the most stringent in the world.   

Grindr Disclosure of Personal Consumer Information Spreads Far

According to a public statement, Grindr, which is known to be the world’s most popular Lesbian Gay Bisexual Transexual Queer (“LGBTQ”) dating mobile application, transmitted its users’ precise locations and user-tracking codes, along with the Grindr name, to at least five advertising companies.  As such, the data breach caused users to be outed as LGBTQ, without consent, which is in violation of EU law.  The Norwegian Data Protection Authority also notes that, as a result of the illegal disclosure, popular mobile advertising platforms such as MoPub, which is Twitter’s mobile advertising platform, were able to consequently share the Grindr user data with more than 100 other partners that it was connected to.  

For now, Grindr has until mid-February to respond to the Norwegian Data Protection Authority.  In the meantime, however, the agency has also stated that it is looking into allegations that Grindr has also violated EU data protection laws as well. 

Grindr Disclosure of Private Data Considered Serious Risk 

The Norwegian Data Protection Authority alleges that Grindr’s illegal data-mining practices not only violated the EU’s stringent privacy laws but could result in putting users at serious risk because the disclosure of users’ sexual orientation or preferences could result in serious discrimination globally, especially in countries where same-sex sexual relationships or acts are illegal even if they are consensual.

Moreover, because Grindr shares users’ locations in connection to the application’s name, the Norwegian Data Protection Authority notes that users could also be subjected to violence because Grindr has had a history of sharing location information of its users so precisely that the users could be located down to the side of the building they were sitting near.  As such, the EU has stated that Grindr’s fines had to be significant for such a gross violation of privacy rights. 

Key Takeaways on The Fines Against Grindr

Grindr is facing major fines in the European Union after it was discovered that it was disclosing information about its users to advertising companies.  The EU has announced its intentions to fine Grindr $11.7 million dollars because:

  • the disclosure was without users’ explicit consent and violates strict EU privacy laws;

  • the EU believes that it puts users at risk for discrimination due to their sexual preferences or orientations; and

  • the EU believes that the disclosure has also put users at risk for violence or persecution in jurisdictions where same-sex acts or relationships have been illegalized.

For more information on data privacy, see our Internet Law & eCommerce Legal Services and Industry Focused Legal Solutions pages.

You may also be interested in: