Words: Alastair James
Grindr has been fined £5.5 million after it was found to have shared users' data with third-party advertisers by the Norwegian Data Protection Authority (DPA).
It follows an investigation by the Norwegian authorities, which took place after they received a complaint from the Norwegian Consumer Council. The Authority has said the sharing of data broke GDPR [General Data Protection Regulation] rules because it wasn't done with consent.
The fine was lowered from £8.6 million because Grindr shared information about its financial situation as well as proof it had made changes to the app.
"Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis"
The BBC reports that the fine is the largest issued by the DPA because the sharing of data was seen as "grave". The DPA's international department head, Tobias Judin, is reported by the broadcaster to have said: "Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis."
GPS location, IP address, advertising ID, age and gender were all shared with third-party advertisers. Sexual orientation is classed as a special category requiring protection under GDPR rules, according to the Beeb.
General Data Protection Regulation is an European Union law regarding data protection and privacy in the EU.
The DPA hasn't decided if changes to correct things made to the app since the sharing was discovered are GDPR compliant and Grindr could still be forced to delete the information by the regulator.
The company has three weeks to appeal this verdict.