Grindr Loses Appeal as Norway Upholds €5.5 Million GDPR Fine

Grindr has lost its appeal against a data-protection penalty in Norway, with regulatory authorities confirming that the administrative fine of 65 million NOK (approximately €5.5 million) will stand. The decision marks a significant enforcement action against an app ostensibly designed for the LGBTQ+ community.

The case traces back to a complaint filed by the Norwegian Consumer Council (NCC) in 2020, alleging that Grindr was sharing users’ personal data – including location, advertising identifiers, IP addresses and the very fact of being a Grindr user – with third-party advertisers without valid consent. The Norwegian Data Protection Authority (DPA) found this violated Articles 6 (1) and 9 (1) of the General Data Protection Regulation (GDPR).

In September 2023, the Norwegian Privacy Appeals Board (Personvernnemnda) upheld the original fine, and in July 2024 the Oslo District Court rejected Grindr’s appeal. Thus the fine remains in place and the violations stand confirmed.

According to the regulator, the Court held that “being a user of Grindr” itself constitutes sensitive personal data under Article 9 GDPR, because it strongly indicates membership in a sexual minority group. In addition, consent mechanisms were found to be deficient: users of the free version of the app were required to accept full data-sharing conditions as a condition of registration, lacking genuine freedom of choice.

The penalties against Grindr could influence the app’s availability in countries with similar standards and regulations, or force the platform to undergo some changes in how it handles data handling consent. More broadly, it could also result in other platforms reviewing the way that they handle personal data – especially smaller apps that may operate in a similar way to Grindr.