Grindr has been fined £5.5 million for selling user data to advertisers.
The location-based dating app - which is aimed at gay men - received the fine from the Norwegian Data Protection Authority, who claimed that sharing data without consent broke GDPR rules.
Tobias Judin, head of the international department at the NDPA said in a statement: "Our conclusion is that Grindr has disclosed user data to third parties for behavioural advertisement without a legal basis. The Grind (sic) app is used to connect with other users in the LGBTQ+ community, and we are aware that many users choose not to use their full name or upload a picture of their face in order to be discrete. Nonetheless, their personal data and the fact that they were on Grindr was disclosed to an unknown number of third parties for marketing purposes, without giving the users accessible information or a genuine choice."
The Authority went on to claim that "thousands" of Grindr users have now had their data shared "unlawfully", and explained that the gravitas of the situation justified the size of the fine.
Judin added: "Thousands of users in Norway have had their personal data shared unlawfully for the commercial interests of Grindr, including GPS location and the fact that the users in question were on Grindr. Business models based on behavioural advertisement are common in the digital economy, and it is imperative that administrative fines for GDPR violations are dissuasive in order to foster compliance with the law."
Grindr now has three weeks to appeal the fine.