A 6.5 million Euros fine was imposed on the LGBTQ dating application Grinder by Norwegian Data Protection Authority, for violations of the General Data Protection Regulation (GDPR).
The Norwegian DPA initially intended to fine Grinder for 10 million Euros but decided to reduce the fine due to changes in the company’s revenue and in light of the changes the company implemented in its consent mechanisms.
The Norwegian DPA found that Grinder shares users’ personal data with various companies for targeted advertisements, without obtaining the users’ consent. The personal data Grinder shares include location data, as well as a classification of the users according to their sexual orientation, which is a special category of data under GPDR.