Grindr, the online dating app, has been slapped with a penalty of £5.5 million for selling user information to advertisement firms without the consent of its users on a respective note. The final decree was announced against the lawsuit that was filed in April 2018 against Grindr.
The Norwegian Data Protection Authority (NDPA) pronounced the financial penalty on Grindr for not complying with GDPR rules and failing to protect the user information from flowing towards third parties.
The leaked info includes age, gender, advertising ID, HIV status and HIV testing dates, IP address, GPS Location, and their se$ual orientation.
A source from the dating app meant for the gay, trans, bi, and queer community said that there were no illegalities in data sharing as it was done as per the data sharing laws. However, the source admitted that the information sharing was done without informing users that their data could be accessed by advertisement firms.
Norwegian Data Protection authority states that the penalty was actually pronounced to be £8.5m. But as Grindr stated that its financial situation is poor currently, because of a COVID-19 driven business slump, the penalty was reduced which still cites to be the largest monetary punishment slapped by NDPA.
However, Grindr has been awarded a 3 weeks time-frame to counter the appeal.
Note 1- Recently, the Ireland’s Information Commissioner slapped a €225 million penalty on WhatsApp for failing to being transparent regarding its user data storage and protection
Note 2- In July this year, Amazon was also slapped with a fine of $886.6 million for failing to process the personal data of its users.
Note 3- In October 2020, Norwegian Consumer Council discovered the app had a password reset vulnerability that could lead hackers to a data breach only by typing an email address.