Norway: Datatilsynet fines Grindr for disclosure of user information

On 15 December 2021, the Norwegian Data Protection Authority (Datatilsynet) issued a fine of NOK 65 million (approx. € 6.5 million) against Grindr for breaching GDPR consent requirements, representing the largest fine it has imposed so far. Datatilsynet found that Grindr has illegally shared personal user information with third parties, including GPS information, IP addresses, as well as age and gender. Further, the consent which Grindr collected from users to process and share such information was found not to be valid. Grindr can appeal the decision until 14 February 2022. Datatilsynet stated that it had received additional complaints from the Consumer Council about further breaches of the Privacy Ordinance, thus not ruling out future orders against Grindr.