In December 2021, the Norwegian Data Protection Authority imposed an administrative fine of NOK 65 000 000 – approximately € 6.5 million – against Grindr LLC for not complying with the GDPR rules on consent. Grindr has now lodged an appeal against this decision.
- We will now thoroughly assess Grindr’s appeal. The case is a priority for us, but due to the complexity of the case this assessment could take some time. If we do not rescind or alter our decision, we will send the case to the Privacy Appeals board for processing, said Tobias Judin, head of the Norwegian Data Protection Authority’s international department.
Grindr is a location-based social networking app marketed towards gay, bi, trans, and queer people. In 2020, the Norwegian Consumer Council filed a complaint against Grindr claiming unlawful sharing of personal data with third parties for marketing purposes. The data shared was GPS location, IP address, Advertising ID, age, gender and the fact that the user in question was on Grindr.
The Norwegian Data Protection Authority concluded that Grindr disclosed user data to third parties for behavioural advertisement without a valid legal basis, and imposed an administrative fine of NOK 65 000 000 – approximately € 6.5 million. Grindr has now lodged an appeal against this decision.
In accordance with the Public Administration Act, the Norwegian Data Protection Authority will now assess Grindr’s appeal and consider whether there is grounds to rescind or alter our decision. The Norwegian Consumer Council will also be given the opportunity to express an opinion.
If the decision is not rescinded or altered, the case will be sent to the Privacy Appeals Board (Personvernnemnda) for processing. Decisions from the Privacy Appeals Board cannot be further appealed, but depending on the circumstances, the parties can file a lawsuit before the courts against the validity of such a decision.