NORWEGIAN DPA ISSUES DRAFT DECISION ON € 10 MILLION FINE TO GRINDR LLC

27.01.2021

European Data Protection Board (“EDPB”) announced that the Norwegian Data Protection Authority (“NDPA”) has issued a draft decision and has notified Grindr LLC (“Grindr”) that their intention about issuing an administrative fine of NOK 100 000 000 (around € 10 Million) for not complying with the GDPR rules on consent.

The NDPA stated Grindr unlawful sharing users’ personal data (such as GPS location, user profile data, sexual orientation) with third parties for marketing purposes without any valid consent.

The consents of the users are invalid because users were not able to exercise real and effective control over the sharing of their data. Users were forced to accept the privacy policy in its entirety to use the app, and they were not asked specifically if they wanted to consent to the sharing of their data with third parties. Moreover, the information about the sharing of personal data was not properly communicated to users. Grindr’s system is basically pressuring users to give consent, but the users are not properly informed about what they are consenting to, therefore are not compliant with the law.

Although Grindr does not have any establishments within the EEA, the company is offering goods or services to, or that monitor the behavior of, people in the EEA. Based on this situation, NDPA notified Grindr about the intention of imposing a fine of approximately 10 % of the company’s turnover. Grindr now has the opportunity to comment on NDPA’s findings until 15 February 2021.

You can find the text of the EDPB’s statement  here.

Should you have any queries and/or remarks, please do not hesitate to contact us. 

 

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr