Data protection: Norwegian court confirms million-euro fine against Grindr
The Oslo District Court confirms a fine under the General Data Protection Regulation against the gay dating provider Grindr.
Scene of a Pride parade in Halifax, Nova Scotia
(Image: Daniel AJ Sokolov)
Grindr has passed on too much data to the advertising industry. This was established by the Oslo District Court. It thus confirms a fine that the Norwegian data protection authority Datatilsynet imposed on the matchmaking service for same-sex oriented men in 2020. Within 14 days, Grindr is to pay 65 million kroner to the Norwegian state treasury, the equivalent of 5.7 million euros.
The appellate court responsible for data protection issues confirmed the data protection fine against Grindr; Grindr took this to court. The hearing took place in mid-March and the verdict was issued on Monday. According to the ruling, Grindr revealed too much information about its users to the advertising industry between 2018 and 2020. According to the findings of the data protection authority, the company passed on its users' GPS data, among other things.
Grindr argued that users had voluntarily opted to use the app by clicking on "Continue" and "Accept" in full knowledge of the circumstances. They could have used apps other than Grindr instead. However, Grindr did not convince the district court.
Disclosure of Grindr usage itself is sensitive
It followed the argumentation of the data protection authority, according to which the use of the app and thus the sharing of the app ID with advertisers already involves particularly sensitive data. "In the opinion of the court, the information that a person is a registered user of Grindr is information about the person's sexual relationships or sexual orientation," the ruling states (case no. 23-160384TVI-TOSL/04). Grindr had thus disclosed particularly sensitive data (Article 9 of the EU General Data Protection Regulation). The example of a US organization that wanted to use Grindr data to report gay priests to the Catholic Church shows just how sensitive the mere use of the dating app is.
The data protection authority's proceedings against Grindr were triggered by an extensive complaint from the Norwegian Consumer Council (Forbrukerrådet). It is satisfied that the Datatilsynet decision has now also been upheld in the court of first instance: This is a "significant victory in the fight to protect consumer privacy and safety online", say the Norwegian consumer advocates.
British class action lawsuit
Grindr, which has since declared itself a pioneer for data protection, can still appeal. Proceedings are also currently underway against Grindr in the United Kingdom; those affected have filed a class action based on a data protection supervisory decision.
Although Norway is not a member of the European Union, it is a member of the European Free Trade Association (EFTA) and therefore of the European Economic Area (EEA). Since July 20, 2018, the EU's General Data Protection Regulation has also applied in the EFTA states of Iceland, Liechtenstein and Norway. The Kingdom's data protection authority has already shown in other cases, such as against Meta, that it interprets the law restrictively and is prepared to apply it.
- The Urteil gegen Grindr , ref. 23-160384TVI-TOSL/04
(ds)
