“Now that we have a final decision in the Grindr case, this decision will also inform those investigations,” he further confirmed of the ad partner probes. “In other words: We are not ruling out any possibilities for further enforcement at this stage.” “ Our decision does not include any erasure requirements at this time but we have also made it clear that further decisions may come at a later date if we deem it necessary,” said Tobias Judin, director for international issues at Datatilsynet. It also confirmed that its investigation against Grindr’s ad partners (who it sent user data to) is ongoing. While the decision does not include any requirements that Grindr (or its ad partners) delete unlawfully obtained user data, the DPA told us that that could change in future. So the lawfulness of Grindr’s current method for obtaining consent has not been investigated. It’s also worth noting that this investigation was limited to the process Grindr used to obtain consent at the time of the complaint - in 2019 and up to April 2020 (when it switched to a different method). The complaint has taken almost a year to arrive at a final decision owing - at least in part - to Grindr requesting extensions to deadlines on a number of occasions. The DPA describes the size of the fine as “proportionate both to the severity of the infringement and to Grindr’s financial situation”, asserting that it “does not exceed what is necessary to achieve the objectives pursued by the GDPR in the present case”. And because GDPR allows for fines of up to €20 million or up to 4% of an entity’s total global turnover in the preceding year, whichever is higher, it suggests the U.S.-based app’s annual revenue does not exceed €20 million/$22.5 million. The DPA’s decision notes that the final fine is approximately 32% of the maximum amount possible. It also said the reduction takes account of measures Grindr implemented since the complaint was filed with the aim of bringing its processing of personal data in line with GDPR’s requirements. The authority told TechCrunch the smaller sanction takes account of the company having lower turnover in reality than the “rough estimate” it had relied upon in January when issuing the preliminary fine.
![grinder gay definition grinder gay definition](https://assets-global.website-files.com/60953ebd0534247ce13fec16/609540fc786692821b7d7c9e_528420-LGBTQIA-Safe-Sex-Guide-1296x728-header.png)
The final size of the penalty Grindr has been hit with is a little reduced versus the 100 million NOK/$12.1 million that the gay dating app was facing back in January - when the Datatilsynet issued a preliminary decision on the case. The complaint adds to the behavioral advertising industry’s legal woes - which continue to pile up in the region.
![grinder gay definition grinder gay definition](https://images.theconversation.com/files/415695/original/file-20210811-13-pr36r8.png)
![grinder gay definition grinder gay definition](https://media-cldnry.s-nbcnews.com/image/upload/t_fit-1240w,f_auto,q_auto:best/newscms/2020_03/2516676/80118-grindr-icon-dk-1208.jpg)
Specifically, the DPA found that Grindr breached Articles 6(1) and 9(1) of Europe’s General Data Protection Regulation (GDPR). Grindr, a hook-up app for gay, bi, trans and queer people, has been fined around $7.1 million (65 million NOK) by Norway’s data protection authority for passing user data to advertisers without consent - including highly sensitive information related to users’ sexual orientation.