Fri | Jan 29, 2021 | 1:44 PM PST

The Norwegian Data Protection Authority (DPA) recently notified the  dating app Grindr of its intentions to administer a fine of NOK 100 million ($11.7 million) for violating some of the General Data Protection Regulation (GDPR) privacy rules.

This fine would result in roughly 10% of the company's global revenue. The GDPR allows for a maximum fine of 4 percent of global "turnover" or €20 million, whichever is greater.

EU says Grindr violated GDPR consumer privacy laws

The fine stems from a complaint originally filed last year. 

The Norwegian Consumer Council found that Grindr allowed "...unlawful sharing of personal data with third parties for marketing purposes."

This data included GPS location, user profile data, and the fact that the user is on Grindr.

Also, Grindr bills itself as an "App for gay, bi, trans, and queer people." NCC regulators therefore believe that when someone is a Grindr user, it speaks to their sexual orientation, constituting special category data that merits particular protection.

Bjørn Erik Thon, Director-General of the Norwegian Data Protection Authority, said:

"The Norwegian Data Protection Authority considers that this is a serious case. Users were not able to exercise real and effective control over the sharing of their data. Business models where users are pressured into giving consent, and where they are not properly informed about what they are consenting to, are not compliant with the law.

Grindr is seen as a safe space, and many users wish to be discrete. Nonetheless, their data have been shared with an unknown number of third parties, and any information regarding this was hidden away."

The Norwegian Data Protection Authority has a rule that consent is required for personal data tracking for marketing purposes. Grindr users had no choice but to accept the privacy policy if they wanted to use the app and were not asked if they consented to sharing their data with third parties.

If Grindr is fined the proposed 10% of its annual revenue, it would result in the largest fine in the history of the Norwegian DPA.