Norwegian data protection body fines Grindr NOK 100 mln for GDPR breach

News Wireless Global 26 JAN 2021
Norwegian data protection body fines Grindr NOK 100 mln for GDPR breach

The Norwegian Data Protection Authority has issued advance notification of a NOK 100 million fine to dating application Grindr, after a legal complaint from the Norwegian Consumer Council. The fine is 10 percent of Grindr’s global annual revenue. Grindr has until 15 February to submit comments on the decision to uphold the complaint for breaches of the General Data Protection Regulation (GDPR).

In 2020, the Norwegian Consumer Council revealed that many mobile apps collect and share large amounts of sensitive information without users' knowledge. Based on these findings, the council and privacy rights group Noyb filed legal complaints against Grindr and five commercial partners for breaches of the GDPR.

The Norwegian Data Protection Authority rules that Grindr users were not given sufficient information about how personal data were collected and shared with third party companies. Consumers had to accept data sharing with third parties in order to use the app, it added.

Finn Myrstad, director of digital policy at the Norwegian Consumer Council, said the council now expects Grindr to ensure that any personal information that was illegally collected and shared with third parties is deleted. Other companies and apps that engage in similar activities should ensure that they are operating in accordance with the legal precedence that has now been established, Myrstad added.

The council says that its revelations in 2020 led to more than 40 consumer and human rights organisations in the EU and US notifying their national authorities about the findings and calling for an end to "the data free-for-all".

Myrstad said the authority’s ruling establishes strict legal requirements on a whole industry that profits from collecting and sharing information about preferences, location, purchases, physical and mental health, sexual orientation and political views. There are examples of personal data being used to manipulate elections, and privacy breaches leading to scams or persecution, for example in countries where homosexuality is illegal, he added. 

Monique Goyens, director general of The European Consumer Organisation (BEUC), said the decision sends a clear signal that it is illegal to monitor consumers without their consent around the clock and to collect and share their data. The GDPR "does have teeth", and consumer groups are ready to act against those who break the law, she added.

Ala Krinickyte, data protection lawyer at Noyb, said the ruling sends the message that "take it or leave it" is not consent, adding that this applies to many websites and apps.

Categories:

MobileInternet

Regions:

Global

Countries:

Norway

Tags:

Messaging, IT - applications, Wireless, Legislation - Lawsuits

Related Articles

NORWAY 15 DEC 2021

Norwegian Data Protection Authority cuts Grindr fine after hearing more arguments

The Norwegian Consumer Council said that the national Data Protection Authority has reduced the fine imposed on dating app Grindr for sharing personal data without a legal basis from NOK 100 million to NOK 65 million. This follows the Consumer Council's 2020 complaint that Grindr collected and shared sensitive personal user data with several commercial third parties, who reserved the rights to pass on details to potentially thousands more companies for surveillance-based advertising.

FRANCE 7 APR 2021

Noyb lodges new complaint against Android tracking code in French e-privacy case

Google faces a fresh complaint in France over the use of a tracking code known as Android Advertising Identifier (AAID). Max Schrems's privacy rights group Noyb has asked French data watchdog CNIL to investigate alleged "illegal operations" linked to how Google stores and accesses the AAID on Android devices, arguing that they amount to a violation of the French law implementing the EU e-privacy directive. The complaint states that the AAID is used for advertising tracking purposes only and that Google is u

ROMANIA 1 APR 2021

Telekom Romania fined for leaking data of nearly 100,000 customers

Romania's data protection authority (ANSPDCP) said it fined Telekom Romania Mobile RON 64,000 (EUR 15,000) for not implementing adequate technical and organisational measures to secure customers' personal data. The authority issued fines for two contraventions, of RON 49,000 and RON 15,000 respectively.

GLOBAL 17 MAR 2021

Norwegian Consumer Council wants Grindr to be forced to delete illegally gathered personal data

The Norwegian Consumer Council is asking the country's the Data Protection Authority to impose measures to ensure that the dating application Grindr identifies and deletes illegally collected personal data. The authority had already announced a fine of NOK 100 million against the app, or about 10 percent of Grindr's annual global revenue.

EUROPE 27 JAN 2021

BEUC files premature obsolescence complaint against Nintendo in bid to curb e-waste

The Norwegian Consumer Council, European Consumer Organisation BEUC and other members have complained to the European Commission and national consumer protection authorities about defective Nintendo Switch controllers. The complaint is for premature obsolescence and misleading omissions of key consumer information, BEUC Director General Monique Goyens said creating unnecessary electronic waste completely goes against the objectives of the European Green Deal.

EUROPE 18 DEC 2020

Consumentenbond: duizenden klachten over Nintendo Switch

De Consumentenbond zegt in korte tijd meer dan 9.200 meldingen binnen te hebben gekregen over mankementen aan de Nintendo Switch. Tien Europese consumentenorganisaties hebben begin december samen gevraagd naar klachten over de controllers. Dat levert ruim 20.700 klachten op.

EUROPE 15 DEC 2020

Twitter fined EUR 450,000 by DPC for breach of GDPR regulations

Twitter has been fined EUR 450,000 by Ireland's Data Protection Commission (DPC) for a breach of the EU's GDPR regulations. The Irish privacy watchdog is in charge of monitoring Twitter's operations across the EU. 

EUROPE 16 NOV 2020

Noyb files Spanish and German privacy complaints against Apple tracking code

Privacy rights group Noyb has followed a series of actions launched against Facebook, Google and others by filing new complaints with Spanish and German data protection authorities over Apple's 'IDFA' tracking tool. The group led by privacy activist Max Schrems claimed that the tracking code enables Apple and all apps on iPhones to store users' data without their consent in what amounts to a clear infringement of EU privacy law.

EUROPE 24 JUN 2020

EU holds first meeting with industry stakeholders on cybersecurity certification plans

The EU Cybersecurity Act adopted a year ago gives the network security regulator Enisa more powers to monitor cybersecurity and coordinate preventative actions such as product certification. Setting minimum security standards and creating quality labels is expected to help increase trust in local products, with an EU-level programme also reducing the costs. 

NORWAY 16 JUN 2020

Norway puts coronavirus tracking app Smittestop on hold on privacy grounds

Norway's Public Health Institute (FHI) said it will stop gathering information through the Smittestopp coronavirus mobile application and will delete data already collected, after the Norwegian Data Protection Authority (Datatilysnet) issued a temporary ban on privacy grounds. The authority said the app interferes disproportionately with user privacy given the current virus transmission rate, the technology chosen, and general support for the app.

EUROPE 14 MAY 2020

Noyb.eu files formal GDPR complaint against Google

Austria-based non-profit organiation Noyb said it filed a formal GDPR complaint against Google with the Austrian data protection authority for illegally tracking users through an "Android Advertising ID". The gathered data with this unique tracking ID is passed on to countless third parties in the advertising ecosystem. Noyb said end-users have no real control over it as Google doesn't allow them to delete their IDs, just to create new ones. 

NORWAY 14 JAN 2020

Norwegian consumer council files GDPR breach complaint against Grindr and others

The Norwegian Consumer Council said the online advertising industry is behind comprehensive illegal collection and indiscriminate use of personal data. Its director of digital policy, Finn Myrstad, said these practices are "out of control" -- which is also the name of its report on the subject -- and in breach of European data protection laws. It is filing a GDPR complaint against Grindr and others.

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.