Grindr is set to be slapped with a hefty fine after regulators found it had illegally disclosed user data to advertising firms.
The Norwegian Data Protection Authority has announced an intention to fine the gay dating app 100m krona (£8.5m) — equivalent to 10 per cent of its annual turnover — over the breach.
The proposed penalty follows a consumer complaint filed last year that accused the platform of sharing personal data with third parties for marketing purposes.
Location, personal profile details and the fact that the user is on Grindr were all subject to the data sharing.
The regulator said this data merited special protection as it could reveal details about someone’s sexual orientation.
The consumer complaint had warned that exposing Grindr data could be a matter of physical safety if users were located and targeted in countries where homosexuality is illegal.
“We have notified Grindr that we intend to impose a fine of high magnitude as our findings suggest grave violations of the GDPR,” said director general Bjorn Erik Thon.
“Users were not able to exercise real and effective control over the sharing of their data. Business models where users are pressured into giving consent, and where they are not properly informed about what they are consenting to, are not compliant with the law.”
Grindr, which did not immediately respond to the proposed fine, has until 15 February to respond to the claims before the regulator makes its final decision.
While Norway is not a member of the EU, its data protection policy is governed by Europe’s GDPR laws.
If confirmed, the fine will be the Norwegian Data Protection Authority’s largest fine to date.
Investigations into complaints filed against three of the five ad firms that received the data, including Twitter-owned MoPub and OpenX, are ongoing.