NCC & noyb GDPR complaint: "Grindr" fined € 6.3 Mio over illegal data sharing
Content
Identification & Authentication NCC & noyb GDPR complaint: "Grindr" fined € 6.3 Mio over illegal data sharing Today, the Norwegian Data Protection Authority imposed a fine of 65 Mio NOK (€ 6.34 Mio or $ 7.17 Mio) on Grindr. The LGBTQI dating app had not received valid consent from users, but had been sharing sensitive personal data nonetheless. Link to the decision by the Norwegian DPA (PDF) Background of the case. On 14 January 2020, the Norwegian Consumer Council (Forbrukerrådet; NCC) filed three strategic GDPR complaints in cooperation with noyb. The complaints were filed with the Norwegian Data Protection Authority (DPA) against the queer dating app Grindr and five adtech companies that were receiving personal data through the app: Twitter`s MoPub, AT&T’s AppNexus (now Xandr), OpenX, AdColony, and Smaato. Grindr had been sending sensitive personal data to hundreds of potential advertising partners. The ‘Out of Control’ report by the NCC described in detail how a large n