Interesting Dating App Not Publicly Loved by the EU

January 13, 2022

Anyone wishing to keep up with decisions regarding the EU’s General Data Protection Regulation (GDPR) can turn to the GDPRhub wiki. Unfortunately, articles posted there are not always the easiest to read, especially after being machine-translated from one language to another. We slogged through the tortured prose in Norway authority Datatilsynet’s article 20/02136-18 regarding a recent fine imposed upon Grindr. The introductory summary states:

“In January 2020, the Norwegian DPA received 3 complaints against Grindr from the Norwegian Consumer Council (NCC) in collaboration with noyb [European Center for Digital Rights] regarding the sharing of data between the Grindr app and advertising partners MoPub, Xandr, OpenX Software, Ad Colony and Smaato. The complaint was based on the report ‘out of control’ prepared by the company mnemonic, and commissioned by the NCC. The NCC’s inquiry showed that Grindr shared certain categories of personal data to several advertising partners, including advertising ID, IP address, GPS, location, gender, age, device information and app name. The data was shared through software development kits (SDKs).”

The rest of the post outlines the technical details about the case, including issues of jurisdiction, guideline violations, and assessment of the 65,000,000 NOK ($7,345,000) fine. The key issue is Grindr’s user agreement, which did not give users enough control over their personal data to meet GDPR requirements. See the article for an extensive discussion of that reasoning. Basically, it looks like Grindr just did what it wanted and assumed it could beg for forgiveness. It was sadly mistaken. Let this be a lesson to other companies looking to distribute their apps in Europe. Fines that Google, Facebook, and Amazon weather as a matter of course could break smaller outfits.

Cynthia Murrell, January 11, 2021

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta