Grindr, US-based gay, bi, trans and queer hook-up app, has been issued a €10M GDPR fine by the Norwegian data protection agency (“NDPA”) due to its failure to properly obtain consent from its users. Although GDPR provides for penalties of up to 4% of global revenues or €20M, whichever is higher, the fine levied on Grindr represents around 10% of its annual revenues, as an NDPA spokesperson stated that the magnitude of the fine matched the gravity of the violations.
Grindr has until February 15, 2021 to appeal the decision, and will likely do so, given that they’ve claimed to have obtained and retained valid consent from their users. Under the GDPR, an app user’s personal data may be legally shared if the app obtains their consent to do so, but consent must be informed, specific and freely given. The NDPA found that Grindr had failed to meet this standard, as the company forced users to accept the app’s privacy policy and consent to sharing their data with third parties. The NDPA also opined that sexual orientation could be determined by a user’s presence on Grindr, which would fall into the “sensitive” personal information that requires additional protective measures.
Consent has become a heightened point of emphasis for GDPR regulators, and we expect that to continue; it’s low hanging fruit for regulators, relatively easy to prove compared to other enforcement mechanisms available. It’s important for companies of all shapes and sizes to ensure they have obtained consent when collecting personal information (e.g. name, email, IP address, etc.) from European citizens; failing to do so will result in large fines.
Clym believes in striking a balance between legal compliance and business needs, which is why we provide a cost-effective, scalable and flexible platform to comply with LGPD, GDPR, CCPA and other laws, including those in the UK, as they come online. Our platform provides consumers with an effective and easy-to-navigate way to opt-out of data collection while not infringing upon the website UI that businesses rely on to drive revenues. Contact us today about how your company can implement Clym to help manage your data privacy regulation compliance from a global perspective.