Popular dating app Grindr is taking the Norwegian authorities to court, disputing the interpretation of the General Data Protection Regulation (GDPR) by the Norwegian Data Protection Authority and the Personal Data Protection Board. This follows a hefty fine of approximately €6.3 million that was upheld by the appeals body last autumn. Grindr’s data protection representative, Kelly Peterson Miranda, has stated that the lawsuit isn’t about past practices, but about the potential implications on all data processing within Grindr.
The initial decision from the authority was based on a report from the Consumer Council, which revealed that Grindr had been sharing user data such as GPS location, advertiser ID, and the app’s name with marketing partners. Grindr insists that this data sharing was in line with an industry standard that is no longer employed. The app, which is particularly popular among gay men in Norway, is seeking clearer guidance on whether the use of Grindr itself turns all the data they collect and process into special categories of personal data.
Under privacy regulations, processing such personal data is generally prohibited, and there are stringent requirements on how it is used. Miranda has expressed concern that the Norwegian decisions could make it challenging to operate services like Grindr in Europe. She argues that the decisions set guidelines not only for targeted advertising but also for other activities like fraud prevention and contextual advertising.
In addition to seeking clearer guidance, Grindr is also hoping to have the record fine reduced or completely removed. Meanwhile, the Norwegian Data Protection Authority maintains that the tribunal’s decision is accurate and will be closely following the case. They have also noted that privacy is being challenged by large commercial entities that use their resources and legal prowess to defend their business models.