Norwegian Data Protection Authority cuts Grindr fine after hearing more arguments

News Wireless Norway 15 DEC 2021
Norwegian Data Protection Authority cuts Grindr fine after hearing more arguments

The Norwegian Consumer Council said that the national Data Protection Authority has reduced the fine imposed on dating app Grindr for sharing personal data without a legal basis from NOK 100 million to NOK 65 million. This follows the Consumer Council's 2020 complaint that Grindr collected and shared sensitive personal user data with several commercial third parties, who reserved the rights to pass on details to potentially thousands more companies for surveillance-based advertising.

Originally, the DPA announced a preliminary fine of NOK 100 million but this has been reduced to NOK 65 million after the DPA received further arguments from Grindr. There is a right to take the case to the Norwegian Privacy Appeals Board (Personvernnemda).

Policy director Finn Myrstad said the Consumer Council is pleased that the Data Protection Authority has upheld its complaint and found that Grindr had been operating in breach of the law. However, the council said authority’s final decision did not address its request for stronger sanctions

These sanctions would have required Grindr to declare which third parties have had access to private details and to provide information on their potential onward spread; delete all the personal data collected illegally and make sure third parties are told to do likewise; and ensure that users are no longer exposed to their private details being passed on to other firms.

Myrstad said this information was illegally collected and must be considered as particularly sensitive as it concerns users’ sexual orientation.

The Norwegian Consumer Council said that it had commissioned technical tests from the security company Mnemonic. Research on the advertising technology industry and specific data brokers was done with help from researcher Wolfie Christl at Cracked Labs. Other Grind app auditing was done by MetaX researcher Zach Edwards. The legal analysis and formal complaints were written with assistance from Noyb, the European digital rights group founded by activist Max Schrems. 

Categories:

Mobile

Countries:

Norway

Tags:

Regulations, IT - applications, Wireless, Consumer, Advertising services

Related Articles

EUROPE 23 JUN 2023

Privacy activist Schrems files GDPR complaint against Proximus

Austrian privacy activist Max Schrems has filed a complaint with Belgium's Data Protection Authority (DPA) against Proximus, De Tijd reported. According to the complaint, filed by non-profit association Nyob in Vienna, Proximus could risk a fine of up to EUR 236.4 million. The complaint specifically targets Proximus and its subsidiaries Bics and TeleSign.

NORWAY 27 SEP 2022

Norwegian Consumer Council urges government action to improve privacy in 6 main points

Norway's Consumer Council said it is asking the government to do more to ensure Norwegian consumers' privacy, after the Privacy Commission presented its report "Your privacy - our joint responsibility". The commission had been appointed by the Solberg government in 2020 and its report makes 140 suggestions to improve privacy.

NORWAY 24 AUG 2022

Norway Data Protection Authority urges fines for Meta for sending European private information to US

Norway's Data Protection Authority has told its peer regulators that Meta Platforms should be fined for continuing to send Europeans' personal information to the US in breach of an EU court ruling, Politico reported, citing a partially redacted document obtained under freedom of information laws. Datatilsynet said there would be little or no incentive to act in accordance with EU data transfer laws if regulators do not impose a fine on Meta.

EUROPE 18 JAN 2022

EU privacy violation fines jump to over EUR 1 billion in 2021

Almost EUR 1.1 billion in fines for violations of the EU's General Data Protection Regulation were issued in 2021, according to research by DLA Piper. The amount was nearly 600 percent higher than the previous year, when EUR 159 million in fines were issued. The total covers the 27 EU members plus the UK, Norway, Iceland and Liechtenstein.

AUSTRIA 14 JAN 2022

Austrian data protection authority says Google Analytics violates GDPR

The Austrian data protection authority (DSB) has ruled that Google Analytics violates the General Data Protection Regulation (GDPR), based on a complaint submitted by Noyb, the privacy rights group founded by Austrian activist Max Schrems. According to its ruling, Google has violated the general principles of data transmission in accordance with Article 44 of the GDPR, Der Standard reports. The article regulates the transfer of personal data to a third country or to an international organisation.

IRELAND 7 DEC 2021

Ireland's DPC denies claims that it lobbied EU regulators for Facebook

Ireland's Data Protection Commission (DPC) has denied recent media reports that it acted in bad faith in regulatory meetings with Facebook and lobbied the European Data Protection Board (EDPB) with a view to GDPR Article 6 guidelines being adopted in Facebook's best interests. The reports followed claims by Noyb, European digital rights group founded by activist Max Schrems. 

EUROPE 31 MAY 2021

Noyb files over 500 complaints to companies over unlawful cookies

Noyb, the privacy rights group founded by activist Max Schrems, has tabled over 500 draft complaints to companies using cookie banners that do not comply with the requirements of the General Data Protection Regulation (GDPR). According to Noyb, companies use so-called "dark patterns". Such company websites are designed in such a way that the buttons for rejecting cookies are difficult to find.

GLOBAL 17 MAR 2021

Norwegian Consumer Council wants Grindr to be forced to delete illegally gathered personal data

The Norwegian Consumer Council is asking the country's the Data Protection Authority to impose measures to ensure that the dating application Grindr identifies and deletes illegally collected personal data. The authority had already announced a fine of NOK 100 million against the app, or about 10 percent of Grindr's annual global revenue.

GLOBAL 26 JAN 2021

Norwegian data protection body fines Grindr NOK 100 mln for GDPR breach

The Norwegian Data Protection Authority has issued advance notification of a NOK 100 million fine to dating application Grindr, after a legal complaint from the Norwegian Consumer Council. The fine is 10 percent of Grindr's global annual revenue. Grindr has until 15 February to submit comments on the decision to uphold the complaint for breaches of the General Data Protection Regulation (GDPR).

EUROPE 14 MAY 2020

Noyb.eu files formal GDPR complaint against Google

Austria-based non-profit organiation Noyb said it filed a formal GDPR complaint against Google with the Austrian data protection authority for illegally tracking users through an "Android Advertising ID". The gathered data with this unique tracking ID is passed on to countless third parties in the advertising ecosystem. Noyb said end-users have no real control over it as Google doesn't allow them to delete their IDs, just to create new ones. 

NORWAY 14 JAN 2020

Norwegian consumer council files GDPR breach complaint against Grindr and others

The Norwegian Consumer Council said the online advertising industry is behind comprehensive illegal collection and indiscriminate use of personal data. Its director of digital policy, Finn Myrstad, said these practices are "out of control" -- which is also the name of its report on the subject -- and in breach of European data protection laws. It is filing a GDPR complaint against Grindr and others.

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.