Rights International Spain (RIS) – No Violation (Spain, 2022)
Rights International Spain (RIS) filed a complaint against the LGBTQ app Grindr for tracking users without their consent. The Spanish data protection authority found no violation in this case. This decision highlights the ongoing debate about user consent and data privacy in app usage.
What happened
Rights International Spain claimed that Grindr tracked users without obtaining proper consent.
Who was affected
Users of the Grindr app who may have had their data processed without their knowledge.
What the authority found
The Spanish data protection authority ruled that there was no violation of data protection rules in this instance.
Why this matters
This case emphasizes the need for clear consent mechanisms in apps, especially those targeting specific communities. It also shows that complaints can lead to investigations, even if no violation is found.
GDPR Articles Cited
Entities Involved
Rights International Spain (RIS), a Spanish human rights NGO, filed a claim against LGBTQ Social Network App GRINDR (Grindr LLC) with the Spanish DPA (AEPD) on 9 March 2020. The claim was based on the “Out of Control” report (https://www.forbrukerradet.no/out-of-control/) on targeted advertising practices published by the Norwegian Consumer Council (NCC), and the claimant selected Grindr as an example of potentially problematic data mining practices carried out without data subjects’ knowledge and consent.

The AEPD inquired, through the mutual assistance provision in Article 61 GDPR, whether any other DPAs were carrying out procedures on this topic. The AEPD received affirmative replies from the Norwegian, Slovenian and French DPAs. The Norwegian DPA informed the AEPD that its current investigation was in response to a claim received in January 2020. Hence, it was basing its investigation on the Consent Management Platform (CMP) that Grindr had active at that time, and not on the updated CMP introduced in April 2020. The Norwegian DPA stated that, according to its investigation, the consent obtained by Grindr for processing personal data used for marketing purposes seemed to be in breach of GDPR (see the summary of the Norwegian DPA's Grindr decision). The Norwegian DPA also considered that Grindr was specifically oriented towards the LGBTQ community, and therefore a legal basis under Article 9(2) GDPR for the processing of special categories of data was also required in this case. The Slovenian DPA informed the AEPD that it had also received a claim based on the same report, and was still awaiting a reply from Grindr’s representatives. The French DPA stated that it had received two complaints regarding this issue, but had not yet initiated any procedures at that moment.

In its response to the AEPD, Grindr highlighted that it had updated its CMP, which gives the data subject granular information regarding every non-essential processing element, allowing the user to activel
Outcome
No Violation
The DPA investigated and found no violation.
Violations (1)
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Rights International Spain (RIS) in ES
This is the only recorded action for this entity in this jurisdiction.
About this data
Cite as: Cookie Fines. Rights International Spain (RIS) - Spain (2022). Retrieved from cookiefines.eu