Norway DPA’s privacy fine against Grindr affirmed on appeal
October 2, 2023
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
Grindr Privacy Fine Affirmed on Appeal to Norwegian Privacy Board
An NOK 65 million (approximately $7.1 million USD) fine issued against Grinder by the Norwegian Data Protection Authority in 2020 has been affirmed on appeal.
The court also found that the fact that an individual is a user of Grindr is, in and of itself, sufficient to constitute a special category of personal data, and that, due to the seriousness of the breach, the number of registered persons affected, the category of information that applies and the ongoing nature of the breach for two years, the amount of the fine was appropriate.
The original fine was based on allegations that Grindr conditioned access to the free version of its dating service on user agreement to the use and sharing of information for ad purposes, which, according to the DPA, should have been optional due to the sensitive nature of the data.
Grindr disputed that the data shared with third parties constituted “sensitive information” under GDPR, arguing that the DPA’s decision was based on “ill-founded, sweeping, and discriminatory assumptions” regarding users of the service and that use of the service, in and of itself, didn’t reveal sexual orientation.
The appeals court disagreed on the basis that, even if the specific sexual orientation of the users was not disclosed, the information that someone is a user on Grindr means that they very likely have a sexual orientation that is different from the majority.
Read more: Grindr appeals Norway’s privacy fine
Norway Requests Meta Ban From behavioral advertising be permanent
The Norwegian Data Protection Authority requested of the European Data Protection Board that the DPA’s recent decision temporarily banning Meta from behavioral advertising (with which Meta has allegedly not complied) be made permanent and extended across the EU/EEA.
Shortly following a judgment from the European Court of Justice finding that Meta’s behavior-based marketing was not compliant, the Norway DPA issued a temporary ban, through October 2023, prohibiting Meta from advertising based on monitoring and profiling on Facebook and Instagram.
The Norwegian DPA’s announcement stated several reasons for its concern over behavior-based marketing, including impacts on freedom of expression and information in society, reinforcement of sterotypes, unfair discrimination, and the difficulty for most people to understand it.
Ultimately, according to the head of the international section of the Norwegian DPA, “all business models must respect privacy as a human right. Users must have sufficient control over their own data, and tracking must be limited.”
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
A memorandum from the California Privacy Protection Agency (CPPA) staff proposes...
The ICO previously made an announcement on its website warning that...
Publisher Collective recognised the importance of collecting consent in...
Latest White Papers
The current state of publisher compliance with CCPA, and...
How to review your vendor list to mitigate compliance...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.