Turns out you can't even meet hook ups in peace these days. On Wednesday, a Norwegian regulator called the Data Protection Authority hit dating app Grindr with a €6.3 million fine for sharing user data with advertisers without their consent.
"Our conclusion is that Grindr has disclosed user data to third parties for behavioral advertisement without a legal basis," said Tobias Judin, head of the Norwegian Data Protection Authority’s international department in a press release.
Grindr is a location-based dating app like Tindr, but it primarily caters to the LGBTQ+ community. The Norwegian release reports that the Norwegian Consumer Council filed a complaint against Grindr in 2020 because the app shared location, IP address, Advertising ID, age, and gender — not to mention just the potentially-sensitive fact that the user was on Grindr. It also said that once received, advertisers could further share that data with others.
In their investigation, the regulator found that users couldn't give proper consent to their data being shared because in order to use the app at all, you'd have to access data terms. In addition, the regulatory group said users weren't properly notified that their data was being used and shared.
Intriguingly, this case could have implications worldwide. The "grave" infractions fall under the EU's GDPR, or General Data Protection Regulation (GDPR), which was passed in 2018 and says that any company interacting with EU customers, regardless of where the company is based, must comply with strict privacy and security rules. If not, those companies will get hit with major fines — like Grindr just did.
In many ways, the EU is picking up the United States' slack here, because many of the world's top media companies are based in the US. Now, though, the likes of Facebook and Twitter, not to mention Grindr, will have to abide by GDPR rules — at least when it comes to their EU customers. And some US states were inspired enough by the legislation to pass their own, smaller versions, like California, which passed the California Consumer Protection Act in 2018.
Norway even reduced its initial fine, which was around €10 million, in part because Grindr had cleaned up its act a bit. It's not clear whether those changes affect users everywhere, but we hope they'll extend any new privacy and security measures to users around the globe.
If that is the case, US users will benefit from authorities who cares about checking, regulating and holding accountable large social media corporations. The EU's stricter regulations will have done more for US security than our own members of Congress, who frequently embarrass themselves by asking inane, outdated questions that show they have no idea what's going on.
So thanks, Norway. Seriously.
More on US failures: Hearings Show Congress Doesn't Understand Facebook Well Enough to Regulate It