Norway DPA’s privacy fine against Grindr affirmed on appeal

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

NORWAY

Grindr Privacy Fine Affirmed on Appeal to Norwegian Privacy Board

An NOK 65 million (approximately $7.1 million USD) fine issued against Grinder by the Norwegian Data Protection Authority in 2020 has been affirmed on appeal.

The appeals court found it insufficient that Grindr only included information about sharing personal data to advertising partners in their privacy policy.

The court also found that the fact that an individual is a user of Grindr is, in and of itself, sufficient to constitute a special category of personal data, and that, due to the seriousness of the breach, the number of registered persons affected, the category of information that applies and the ongoing nature of the breach for two years, the amount of the fine was appropriate.

CONTEXT

The original fine was based on allegations that Grindr conditioned access to the free version of its dating service on user agreement to the use and sharing of information for ad purposes, which, according to the DPA, should have been optional due to the sensitive nature of the data. 

Grindr disputed that the data shared with third parties constituted “sensitive information” under GDPR, arguing that the DPA’s decision was based on “ill-founded, sweeping, and discriminatory assumptions” regarding users of the service and that use of the service, in and of itself, didn’t reveal sexual orientation.

The appeals court disagreed on the basis that, even if the specific sexual orientation of the users was not disclosed, the information that someone is a user on Grindr means that they very likely have a sexual orientation that is different from the majority.  

Read more: Grindr appeals Norway’s privacy fine

Norway Requests Meta Ban From behavioral advertising be permanent

 The Norwegian Data Protection Authority requested of the European Data Protection Board that the DPA’s recent decision temporarily banning Meta from behavioral advertising (with which Meta has allegedly not complied) be made permanent and extended across the EU/EEA.

TAKEAWAY

Shortly following a judgment from the European Court of Justice finding that Meta’s behavior-based marketing was not compliant, the Norway DPA issued a temporary ban, through October 2023, prohibiting Meta from advertising based on monitoring and profiling on Facebook and Instagram.

The Norwegian DPA’s announcement stated several reasons for its concern over behavior-based marketing, including impacts on freedom of expression and information in society, reinforcement of sterotypes, unfair discrimination, and the difficulty for most people to understand it.

Ultimately, according to the head of the international section of the Norwegian DPA, “all business models must respect privacy as a human right. Users must have sufficient control over their own data, and tracking must be limited.”

Read more: Oslo court upholds Norway DPA’s ban of Meta targeted advertising

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.