U.S.-based Grindr, which describes itself as the world’s largest social networking app for gay, bisexual, transgender and queer people, did not immediately respond to an e-mailed request for comment.
“Our preliminary conclusion is that the breaches are very severe,” the Norwegian agency said in a statement announcing what it said was a record fine corresponding to around 10% of Grindr’s estimated global annual revenue.
Grindr has until Feb. 15 to respond to the claims, after which the Data Protection Authority will make its final decision in the case, the agency said.
The Norwegian Consumer Council (NCC), a watchdog, said in a January 2020 report that Grindr shared detailed user data with third parties involved in advertising and profiling, such as a user’s IP address, advertising ID, GPS location, age and gender.
In some cases, widespread sharing of personal data can become a matter of physical safety if users are located and targeted in countries where homosexuality is illegal, the NCC said at the time. In a statement on Tuesday, the NCC hailed the decision to fine Grindr as a historic victory for privacy.