Norway is planning to fine gay dating app Grindr more than €9 million for data privacy breaches.
The country's data protection watchdog has accused the company of failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules.
The authority stated on Tuesday that it notified Grindr LLC of its draft decision to issue a fine for 100 million Norwegian krone (over €9.6 million), equal to 10% of the U.S. company's global revenue.
It comes after a complaint by the Norwegian Consumer Council, which had alleged that users' personal data was being shared unlawfully for marketing purposes.
Leaking personal information
In a 2020 report, the council had said that Grindr and other dating apps were leaking personal information to technology partner companies to use for targeted advertising.
Although Norway is not a member of the European Union, the country closely mirrors the bloc's regulations, including stringent GDPR privacy rules.
The Norwegian Data Protection Authority said that compromised data included GPS location and user profile information, which could reveal their sexual orientation and therefore merit special protection.
"Users were not able to exercise real and effective control over the sharing of their data," said the authority's director-general, Bjorn Erik Thon.
"Business models that involve forcing the user to agree to something, and without explaining well what they agree to, are not in line with the law."
Infringement of 'valid consent'
The Data Protection Authority said the way Grindr asked users for permission to use their information went against GDPR's requirements for "valid consent".
Grindr's spokesperson in Norway confirmed the state broadcaster NRK that it had received a letter from regulators about the fine, but the company has not publically commented further.
"Grindr is looking forward to entering into a dialogue with the Norwegian Data Protection Authority," spokesperson Bjoern Richard Johansen told NRK.
The app has until February 15 to respond to the notice, before Norway's watchdog publishes its final decision.
"We hope that this marks the starting point for many similar decisions against companies that engage in buying and selling personal data," said Finn Myrstad, director of digital policy at the Norwegian Consumer Council.
The authority is still investigating five "ad tech" companies that received data from Grindr, including Twitter's mobile app advertising platform, MoPub.