fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Grindr Fined $10m For ‘Grave’ GDPR Violations By Norwegian Privacy Watchdog

Grindr Fined $10m For ‘Grave’ GDPR Violations By Norwegian Privacy Watchdog

UPDATED Grindr, the popular LGBT dating app, has been fined €10 million ($12 million) for GDPR violations by Norway’s data privacy regulator because sensitive user data was apparently shared with third parties without valid consent.

The preliminary ruling issued by the Norwegian Data Protection Authority (Datatilsynet) centers on the fact that users had to accept a blanket privacy policy to use the app and were not given a separate opportunity to grant or withhold consent to sharing their data with third parties.

Users were also not properly informed about how the data was shared, said the Datatilsynet. The data shared included GPS location and user profile data such as sexual orientation.

Datatilsynet director-general Bjørn Erik Thon said these were “grave violations” of GDPR requirements around valid consent and added that it was “imperative” that such “take-it-or-leave-it consents” should “cease”.

Also Read: Best Privacy Certification: 3 Simple Steps On How To Achieve

‘Safe space’

“We believe that the fact that someone is a Grindr user speaks to their sexual orientation, and therefore this constitutes special category data that merit particular protection,” the Datatilsynet said in a press release issued yesterday (January 26).

“Grindr is seen as a safe space, and many users wish to be discrete. Nonetheless, their data have been shared with an unknown number of third parties, and any information regarding this was hidden away” – Datatilsynet director-general Bjørn Erik Thon

Said Thon: “Users were not able to exercise real and effective control over the sharing of their data.

“Business models where users are pressured into giving consent, and where they are not properly informed about what they are consenting to, are not compliant with the law.”

A Grindr spokesperson told The Daily Swig: “Grindr is confident that our approach to user privacy is first-in-class among social applications with detailed consent flows, transparency, and control provided to all of our users.”

They said “valid legal consent” had been “retained” from all “EEA users on multiple occasions”, most recently “in late 2020 to align with” the GDPR Transparency and Consent Framework v2.0.

The allegations “date back to 2018 and do not reflect Grindr’s current Privacy Policy or practices,” they continued, adding: “We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority.”

Shane Wiley, Grindr’s chief privacy officer, also penned a defense of the platform’s privacy policies in a blog post published on Monday (January 25).

Ezat Dayeh, SE manager at data management vendor Cohesity, told The Daily Swig: “It is ironic timing that this matter becomes public 24 hours before Data Privacy Day.

“Organizations of all sizes need to be more accountable and deliver greater trust in how they handle consumer data in exchange for more tailored services or commercial gain. The relationship between consumer and brand only works when trust is in place.

“From a compliance perspective on privacy, GDPR was merely the start, not the end goal.”

Record-breaking fine

Grindr is marketed as the world’s most popular location-based social networking app for gay, bi, trans, and queer people with 13.7 million active users.

The penalty amounts to around 10% of the company’s worldwide revenues and, if confirmed, will be the highest GDPR fine ever levied by the Datatilsynet.

Grindr has until February 15 to respond to the ruling before a final decision is made.

Also Read: Personal Data Websites: 3 Things That You Must Be Informed

The investigation, which stems from a complaint filed against Grindr by the Norwegian Consumer Council in 2020, centers on consent mechanisms in place on the app until April 2020.

Datatilsynet said it had not yet assessed whether subsequent changes made to Grindr’s privacy policy were GDPR-compliant.

The Norwegian Consumer Council also filed complaints against five third parties that received data from Grindr for marketing purposes: Twitter-owned MoPub, Xandr, OpenX Software, AdColony, and Smaato.

The Daily Swig has contacted Grindr for comment on the ruling and will update the article accordingly if we receive a response. 

This article was updated on January 27 with comments from Ezat Dayeh of Cohesity, then on January 28 with comments from Grindr

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us