LGBTQ+ dating app Grindr has been fined by Norwegian authorities for sharing user data.

On Wednesday (15 December), the Norwegian Data Protection Authority (DPA) issued a £5.5 million fine to Grindr after they discovered it was sharing users’ data with third-party advertisers.

The hefty fine was initially £8.6 million but was reduced after Grindr submitted paperwork detailing their financial situation and changes to their permissions policies.

The decision comes off the heels of an investigation by the Norwegian Consumer Council – who received a complaint about the app’s data sharing tactics.

According to a report from the BBC, users’ IP addresses, age, gender GPS location and advertising ID were amongst the data shared.

Sharing personal information, specifically regarding sexual orientation without clear consent is against the European Union’s General Data Protection Regulation.

Alongside the fine, Grindr may also be tasked with erasing all of the illegally acquired personal data.

Finn Myrstad, who is the digital policy director at the Norwegian Consumer Council, has since released a statement backing the decision.

“This sends a strong signal to all companies involved in commercial surveillance. There are serious repercussions to sharing personal data without a legal basis, he told Politico.

“We call for the digital advertising industry to make fundamental changes to respect consumers’ rights.”

A spokesperson for Grindr also issued a statement to the publication, disagreeing with the verdict.

“We strongly disagree with Datatilsynet’s reasoning, which concerns historical consent practices from years ago, not our current consent practices or Privacy Policy,” they said.

“Even though Datatilsynet has lowered the fine compared to their earlier letter, Datatilsynet relies on a series of flawed findings, introduces many untested legal perspectives, and the proposed fine is therefore still entirely out of proportion with those flawed findings.”

The dating application has three weeks to submit an appeal.