The Norwegian Data Protection Authority (DPA) announced on Tuesday that it has fined dating app Grindr 100 million Norwegian crowns ($11.7 million) for illegally disclosing the personal information of its users with advertising firms.
Grindr is a US-based social networking app for gay, bisexual, transgender and queer individuals.
The DPA said it only escalated the issue after receiving a complaint from the Norwegian Consumer Council, indicating that Grindr unlawfully shared the user data for marketing purposes.
In its report last year, the council detailed how Grindr and other dating apps divulged their user data to advertising technology partner firms.
The council said such move is against the GDPR privacy rules of the EU.
Despite not being a member of the bloc, Norway has been enforcing equivalent rules and regulations of the EU.
DPA said this move led to the exposure of sensitive personal information of the dating app’s users, which potentially include the sexual orientation of the users without their knowledge.
“Grindr is seen as a safe space, and many users wish to be discreet. Nonetheless, their data have been shared with an unknown number of third parties, and any information regarding this was hidden away,” said DPA Director-General Bjorn Erik Thon.
Bill Shafton, Grindr’s vice president for business and legal affairs, said in a press release that the company is hopeful to have a productive conversation with the Norwegian watchdog.
“We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority,” Shafton said in a statement.