Grindr is fined $11.7 million under European privacy law
The Norwegian Data Protection Authority said on Monday that it would fine Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $11.7 million, for illegally disclosing private details about its users to advertising companies.
The agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law. Grindr shared users’ private details with, among other companies, MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.
Tobias Judin, head of the Norwegian Data Protection Authority’s international department, said Grindr’s data-mining practices not only violated European privacy rights but also could have put users at serious risk in countries, like Qatar and Pakistan, where consensual same-sex sexual acts are illegal.
“If someone finds out that they are gay and knows their movements, they may be harmed,” Mr. Judin said. “We’re trying to make these apps and services understand that this approach — not informing users, not gaining a valid consent to share their data — is completely unacceptable.”
The fine comes one year after European nonprofit groups lodged complaints against Grindr and its advertising partners with data protection regulators. In tests last January, The New York Times found that the Android version of the Grindr app was sharing location information that was so precise, it pinpointed reporters on the side of the building they were sitting on. In April, Grindr revamped its user consent process.
In a statement, a spokesperson for Grindr said the company had obtained “valid legal consent from all” of its users in Europe on multiple occasions and was confident that its “approach to user privacy is first in class” among social apps.
The statement added: “We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority.”
The company has until Feb. 15 to comment on the ruling before it is final. The Norwegian agency said it was investigating whether the ad companies that received users’ details from Grindr had also violated European data protection law.”
Privacy experts said the ruling would have wide repercussions beyond dating apps.
“This not only sets limits for Grindr,” said Finn Myrstad, the director of digital policy for the Norwegian Consumer Council, one of the groups that lodged the complaints, “but establishes strict legal requirements on a whole industry that profits from collecting and sharing information about our preferences, location, purchases, physical and mental health, sexual orientation and political views.”
Reprodução de: https://www.nytimes.com/2021/01/25/business/grindr-gdpr-privacy-fine.html?searchResultPosition=1