Metro Weekly

Grindr faces $12 million fine for allegedly sharing users’ personal data

Norway accuses Grindr of sharing profile and location data, but the dating app refutes the claims

grindr, privacy, data, gay
Photo: Grindr

Gay dating app Grindr faces an almost $12 million fine for alleged privacy violations.

The Norwegian Data Protection Authority is accusing Grindr of illegally sharing personal data from users of the free version of the app with third-party companies.

Specifically, they’re accusing Grindr of sharing profile data, location data, and “the fact that the user in question is on Grindr” for marketing purposes, ABC News reports.

“Our preliminary conclusion is that Grindr needs consent to share these personal data and that Grindr’s consents were not valid,” the NDPA said in a statement. “Additionally, we believe that the fact that someone is a Grindr user speaks to their sexual orientation, and therefore this constitutes special category data that merit particular protection.”

It comes after the Norwegian Consumer Council investigated ten apps last year and found that Grindr was sharing sensitive user data to more than a dozen companies.

The NCC said Grindr and other dating apps OKCupid and Tinder were sharing location data, sexuality, and other information to “a large number of shadowy entities.”

Grindr was specifically sharing data with more than a dozen companies, the NCC said, data that included user tracking information and the name of the app, outing users as LGBTQ.

Read More: Grindr accused of sharing users’ sensitive data to multiple companies

In this most recent accusation, the NDPA said Grindr wasn’t allowing users to have direct control over their personal data and that its privacy policy forced them into consenting without proper information on what happened with their data.

Grindr refuted the NDPA’s assessment, telling ABC News that the agency was using data from 2018 and that its claims “do not reflect Grindr’s current Privacy Policy or practices.”

The company said it was continually enhancing its privacy practices and was “[looking] forward to entering into a productive dialogue with the Norwegian Data Protection Authority.”

Regulators have given Grindr until Feb. 15 to respond to the allegation. If the fine is implemented, it will be 100 million Norwegian krone ($11.6 million at current exchange rates) — the largest fine ever issued by the NDPA.

Grindr’s chief privacy officer, Shane Wiley, published a post on the company’s official blog to “address one of the areas that I think many people get wrong about privacy at Grindr: online advertising.”

“Like many mobile applications, we support the free version of Grindr through advertising and rely on ad partners to help us in this effort,” Wiley wrote. “Much of the incorrect reporting in this area is on what data is shared with our advertising partners.”

He said that the company does not share precise location data with advertisers, but only a “general sense of where the user is in the world” through the user’s device IP Address.

Wiley said that Grindr “never collects the full precision of a device’s location” and instead only leverages phone data to “within 100 meters (328 feet) of accuracy to your actual location,” and that Grindr also doesn’t share a user’s age or gender with ad partners.

Instead, he said ad partners receive “the basics and only the basics” such as IP Addresses and the user’s device make and model.

“We share only the most basic information — which users largely control — and nothing about a user’s Grindr account details,” Wiley wrote. “This last point is worth repeating: there is nothing from within a user’s Grindr account details that is shared with an ad partner. Full stop.”

In 2018, Grindr faced similar scrutiny after it was admitted to sharing users’ HIV status with two outside companies for testing purposes.

The data sharing arrangement allowed the companies to see a user’s HIV status and their “last tested date,” for those who are HIV-negative or on pre-exposure prophylaxis.

Grindr said at the time that the firms were required to provide “the highest level of confidentiality, data security and use privacy,” but the data being sent — including HIV status, users’ GPS data, phone ID, and email — could be used to identify specific users.

Related:

Man accused of stabbing and torturing gay teen he met on Grindr will face hate crime charges

Grindr reveals which country has the most tops in 2020 recap

Texas teen charged with murder after luring victims through Grindr

Read More:

Puerto Rico governor declares 18-month “state of emergency” over gender-based violence

Senate committee approves Pete Buttigieg’s nomination for transportation secretary

Nonbinary student goes viral after calling out professor who refused to use correct pronouns

Support Metro Weekly’s Journalism

These are challenging times for news organizations. And yet it’s crucial we stay active and provide vital resources and information to both our local readers and the world. So won’t you please take a moment and consider supporting Metro Weekly with a membership? For as little as $5 a month, you can help ensure Metro Weekly magazine and MetroWeekly.com remain free, viable resources as we provide the best, most diverse, culturally-resonant LGBTQ coverage in both the D.C. region and around the world. Memberships come with exclusive perks and discounts, your own personal digital delivery of each week’s magazine (and an archive), access to our Member's Lounge when it launches this fall, and exclusive members-only items like Metro Weekly Membership Mugs and Tote Bags! Check out all our membership levels here and please join us today!