Grindr – Court Ruling (Norway, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Grindr faced a court ruling after a complaint about how it shared user data without proper consent. This is significant because it emphasizes the need for apps to get clear permission from users before sharing their information. Small business owners should take note to ensure they have valid consent mechanisms in place.
What happened
Grindr was found to have shared user data with third parties without obtaining valid consent.
Who was affected
Users of the Grindr app whose data was shared without proper consent.
What the authority found
The Norwegian Data Protection Authority upheld its decision that Grindr failed to collect valid consent for data sharing, violating Articles 6(1) and 9 of GDPR.
Why this matters
This ruling serves as a warning that companies must prioritize user consent when handling personal data. Businesses should evaluate their consent processes to avoid similar issues.
GDPR Articles Cited
In 2020, the Norwegian Consumer Council (NCC), with the assistance of noyb’s legal analysis, filed a complaint to the Norwegian Data Protection Authority against the dating app Grindr. The Norwegian DPA fined Grindr NOK 65 million for failing to collect users' valid consent for sharing data with third parties for profiling and advertising purposes from the Grindr App (Datatilsynet - 20/02136-18). This decision was appealed by Grindr in February 2022. They argued that; Grindr does not process special categories of data, had obtained valid consent, that there was no legal basis for imposing a fine and that the DPA has misinterpreted Article 83 GDPR when applying the fine. The Norweigen DPA re-considered the case but found no reason to change its decision. The DPA submitted the case to the Norwegian Privacy Appeals Board (Personvernnemnda) in December 2022. Both Grindr and the NCC were given the opportunity to submit comments. In August 2023, Grindr requested the right to attend and speak during the case under [https://lovdata.no/dokument/LTI/forskrift/2018-06-15-876 section 5(5) of the Regulations on the processing of personal data,] and requested that the Board's consideration of the case be postponed until the Court of Justice had ruled on cases [https://curia.europa.eu/juris/fiche.jsf?id=C%3B446%3B21%3BRP%3B1%3BP%3B1%3BC2021%2F0446%2FP&nat=or&mat=or&pcs=Oor&jur=C%2CT%2CF&num=C-446&for=&jge=&dates=&language=en&pro=&cit=none%252CC%252CCJ%252CR%252C2008E%252C%252C%252C%252C%252C%252C%252C%252C%252C%252Ctrue%252Cfalse%252Cfalse&oqp=&td=%3BALL&avg=&lgrec=en&lg=&cid=3298842 C-446/21 Schrems v Facebook Ireland] and [https://curia.europa.eu/juris/liste.jsf?nat=or&mat=or&pcs=Oor&jur=C%2CT%2CF&num=C-21%252F23&for=&jge=&dates=&language=en&pro=&cit=none%252CC%252CCJ%252CR%252C2008E%252C%252C%252C%252C%252C%252C%252C%252C%252C%252Ctrue%252Cfalse%252Cfalse&oqp=&td=%3BALL&avg=&lgrec=en&lg=&page=1&cid=3099852 C-21/23 Lindenapotheke] which at the time were both prelimary refer
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Grindr in NO
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Grindr - Norway (2023). Retrieved from cookiefines.eu
Last updated: