Menu
A burlap pouch lies on top of various Euro banknotes. The visible denominations include 100, 200, and 500. The bills are colorful, each featuring different architectural designs. The pouch is small and textured, contrasting with the smooth, vibrant currency beneath it.

Court of Appeal upholds GDPR fine against Grindr

, , , , , , , , , , , , ,

A Norwegian court of appeal has upheld a landmark fine against the dating app Grindr for violating EU General Data Protection Regulation (GDPR) and Norwegian privacy law. The decision confirms that personal data shared on location-based social platforms must be handled with heightened care; failing to do so may lead to substantial administrative fines. Authorities found that Grindr disclosed highly sensitive personal data—such as users’ sexual orientation and precise location—without a valid legal basis or sufficient safeguards.

The court emphasized that processing of sensitive personal data and granular location information requires a clear legal ground and robust technical and organizational protections. The judgment highlights inadequate transparency and consent practices, insufficient minimization of data collection, and weaknesses in data-sharing agreements with third parties. As a result, the fine previously imposed by Norway’s data protection authority was maintained, signaling strict scrutiny of practices that combine sensitive attributes with persistent tracking.

For controllers and processors, the ruling underscores practical compliance steps: perform thorough DPIAs (data protection impact assessments) when services process sensitive categories or continuous location data; adopt privacy-by-design defaults that minimize retention and sharing; ensure consent is freely given, specific, informed and demonstrable; and tighten contractual and security controls for any data recipients. Supervisory authorities across the EU are likely to use the decision as persuasive guidance when examining apps that monetize personal profiles and movement data.

The upheld fine serves as a clear reminder that large-scale commercial profiling and location-based monetization carry material legal and reputational risks under the GDPR. Organizations operating or offering services in the EU should review data flows, consent mechanisms, and third-party disclosures now, and prioritize remediation steps where needed to avoid similar enforcement outcomes and protect user rights.

  • Save

Related Posts

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Copy link
CopyCopied