Norwegian Court Upholds Fine Against Adult Dating App Over Data Privacy Violations

Key Takeaways

• Fine Upheld: The Court of Appeal confirmed the $6 million (NOK 65 million) fine against Grindr for unlawful data sharing.
• Invalid Consent: The court ruled that Grindr’s consent mechanisms did not meet GDPR standards.
• Sensitive Data Breach: Being identified as a Grindr user was deemed to reveal special category personal data.
• Regulator Vindicated: The Norwegian Data Protection Authority’s findings were upheld through multiple appeals.

Deep Dive

Norway’s Borgarting Court of Appeal has upheld the $6 million (NOK 65 million) fine against Grindr, ruling that the company unlawfully shared users’ personal data with advertisers without valid consent. The decision, handed down on Tuesday, confirms earlier findings by the Norwegian Data Protection Authority (Datatilsynet) and the Oslo District Court that Grindr breached EU data protection law.

“This is a fundamental and important decision for the right to data protection,” said Line Coll, Director General of Datatilsynet. “We are pleased that our assessments have been upheld through three rounds of appeals.”

The case dates back to 2020, when the Norwegian Consumer Council filed a complaint against Grindr for sharing user information with multiple third parties for marketing purposes. Datatilsynet’s investigation found that the company failed to obtain valid consent before disclosing data, and that simply being identified as a Grindr user revealed sensitive information about a person’s sexual orientation, data that qualifies as a special category under the EU’s General Data Protection Regulation (GDPR).

In December 2021, Datatilsynet fined the company $6 million (NOK 65 million). Grindr appealed the decision, but in September 2023 the Norwegian Privacy Appeals Board upheld both the regulator’s findings and the fine.

Grindr then took the matter to the Oslo District Court, which in 2024 ruled that the company’s consent mechanism was invalid and that it had unlawfully shared special category personal data with advertising partners.

Court of Appeal Confirms Earlier Rulings

Grindr’s final hope rested with the Borgarting Court of Appeal, which heard the case in August 2025. The court sided with the state, rejecting Grindr’s arguments and reaffirming that the company had processed sensitive data without proper consent. The ruling leaves the $6 million (NOK 65 million) fine intact.

With this decision, Datatilsynet’s position has now been validated at every level of review, by the Privacy Appeals Board, the Oslo District Court, and the Court of Appeal. Grindr has one month to decide whether to seek permission to appeal to the Supreme Court, though such cases require approval from the Supreme Court’s Appeals Committee.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.