Norway: Borgarting Court of Appeal upheld NOK 65 million fine against Grindr over personal data breach

On 21 October 2025, Norway's Borgarting Court of Appeal upheld a NOK 65 million fine against Grindr LLC for breaching Article 9 of the General Data Protection Regulation, which prohibits the processing of special categories of personal data. The court ruled that sharing an application identity (App ID) with advertisers, which identified users as Grindr dating app users, disclosed special category personal data about sexual orientation. It also stated that consent was invalid because it was bundled with service access, and users had no genuine choice. It was further stated that Grindr's 7.5-page privacy policy lacked clarity about data sharing scope and recipients. The court found intentional breach based on the knowledge by company officers. The fine was deemed to be proportionate for disclosing sensitive data from millions of users over two years to thousands of advertisers.