Norway fines Grindr for $7.3 million over privacy breach

Grindr disputes the agency's findings.

Norway’s data protection agency is fining LGBTQ+ social app Grindr nearly $7.1 million for unlawfully disclosing personal data to third parties for marketing.

The ruling follows a 2020 complaint by the Norwegian Consumer Council alleging that Grindr shared user device data with third parties in a way that, due to the nature of the app, effectively allowed advertisers to connect those users with information about their sexual orientation.

The Norwegian DPA, known as Datatilsynet, concluded that Grindr did not have proper consent mechanisms in place allowing users to specifically opt in to the sharing of their data for advertisements by third parties.

“We consider that data revealing the fact that someone is a Grindr user strongly indicates that they belong to a sexual minority,” the DPA wrote. “Data concerning a person’s sexual orientation constitutes special category data that merit particular protection under the GDPR. As the consents Grindr collected were not valid, Grindr could not lawfully share such data.”


The fine is slightly less than the $12 million the Norwegian regulator announced earlier this year that it intended to issue. In its final determination, the authority cited additional financial information about Grindr and changes made by the company to address the privacy concerns.

Grindr is disputing the findings and is weighing its right to appeal under Europe’s General Data Protection Regulation (GDPR), company chief privacy officer Shane Wiley said in a statement.

“We strongly disagree with Datatilsynet’s reasoning, which concerns historical consent practices from years ago, not our current consent practices or Privacy Policy,” Wiley said. “Even though Datatilsynet has lowered the fine compared to their earlier letter, Datatilsynet relies on a series of flawed findings, introduces many untested legal perspectives, and the proposed fine is therefore still entirely out of proportion with those flawed findings.”

The investigation covers the app’s policies in Norway between July 2018 and April 2020, when the company changed how it asked for consent in response to the complaint. The DPA’s investigations into the five advertising partners that received data from Grindr are still ongoing.

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.
