On 26 January, the Norwegian data protection authority, Datatilsynet, announced that it intends to fine the dating app Grindr 100 million NOK (€ 9 600 000) for breaching the EU’s data protection law (GDPR). This was a result of a legal complaint filed by the Norwegian consumer group Forbrukerrådet based on the report “Out of Control” a year ago against Grindr and five other companies.

Liberties calls on consumer groups to challenge data protection authorities

Shortly after Forbrukerrådet filed its complaint with the Norwegian data protection authority, the Civil Liberties Union invited ten other consumer groups from the BEUC network and eleven human and digital rights organizations for Europe to urge their local Data Protection Authorities (DPAs) to investigate the GDPR violations on popular dating, fertility tracking, and children’s apps.

Liberties welcomes Datatilsynet’s decision, which found that freely given, specific and unambiguous consent is necessary to process data for behavioural advertising purposes. It also found that companies that share our personal data with third parties must be held accountable for what happens to that data.

Now we call on the EU’s data protection authorities to follow Datatilsynet’s lead and ensure that all players in the online advertising industry comply with the GDPR.

Online tracking changes people's behaviour

While helping advertisers find their audience and communicate with potential consumers by data sharing may seem innocuous, it is far from it.

Comprehensive profiling and categorization of consumers can trigger harm that most users are as yet unaware of. These include discrimination and exclusion, fraud, manipulation, and the chilling effects that massive commercial surveillance systems may have on democratic debates.

Studies have shown that when individuals feel that they are being recorded, they modify their behavior. Surveillance may affect how we use the internet, whether we are willing to look for certain information on how our institutions work and the way our political leaders conduct themselves and their business.

Individual citizens have no meaningful way to resist or otherwise protect themselves from this type of data exploitation. It is time for national enforcement authorities to ensure that the ad-tech industry changes its ways and starts respecting GDPR.

The organizations participating following Liberties’ invitation were:

• DE - Digitalcourage
• DE - Digitale Gesellschaft
• DE - Netzwerk Datenschutzexpertise
• DE - Deutsche Vereinigung für Datenschutz
• ES - Rights International Spain
• HR – Centar za mirovne studije
• HR - Gong
• HU - Társaság a szabadságjogokért
• IT - Coalizione Italiana Libertà e Diritti civili
• SE - Civil Rights Defenders, Sweden
• SI - Mirovni inštitut

Previously on Liberties.eu:

Civil Rights Defenders Push For More Privacy Among Dating Apps