Grindr – Court Ruling (Norway, 2025)

Grindr is a location-based dating app aimed at gay and bisexual men, transgender people and queer people. In 2020, the Norwegian Consumer Council filed a complaint against Grindr with the Norwegian Data Protection Authority. The reason for this was that Grindr disclosed personal data to several third parties for marketing purposes. The Norwegian Data Protection Authority concluded that Grindr disclosed personal data about its users to third parties for behavioural marketing without valid consent, and that the information about the use of the Grindr app constituted information about the users' sexual orientation or sexual relationships. In December 2021, the Data Protection Authority imposed a fine of NOK 65 million (€5 million). Grindr appealed the decision, and in 2022 the case was referred to the Privacy Appeals Board for review. In September 2023, the Board upheld the Data Protection Authority's conclusions and the decision to impose a fine. Grindr appealed against the Privacy Appeals Board’s decision, and in 2024, the Oslo District Court upheld the administrative fine. The Oslo District Court ruled that the consents were not valid and that Grindr transferred sensitive personal data to advertising partners. Grindr appealed the judgment from Oslo District Court to Borgarting Court of Appeal on 12 August 2025. The Court of Appeal dismissed Grindr’s appeal and upheld the Data Protection Authority’s decision and fine. It held that the information Grindr disclosed to its advertising partners, including users’ App IDs, constituted special categories of personal data under Article 9(1) GDPR, as this data indirectly revealed users’ sexual orientation and sexual relationships. Referring to CJEU case law, the court found that information which can indirectly reveal such sensitive details falls within the scope of Article 9(1) GDPR. Grindr’s argument that the data did not “reveal” sexuality and that its purpose was purely commercial was rejected because the app’s design,