Norway is fining gay dating app Grindr 100 million krone (£8.5 million) for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules.

The Norwegian data privacy watchdog said it had notified the company of its draft decision to issue a fine equal to 10% of its annual global revenue.

The Data Protection Authority took action following a complaint by the country’s Consumer Council alleging that personal data was shared unlawfully for marketing purposes.

The council said in a report last year that Grindr and five partner companies in the online ad industry collected personal data to use for targeted advertising in ways that violated the EU’s GDPR privacy rules.

The watchdog came to the preliminary conclusion that Grindr shared user data with a number of third parties without legal basis.

The data included GPS location, user profile information and even the fact that users were on Grindr, which could reveal their sexual orientation and therefore merit special protection.

“The Norwegian Data Protection Authority considers that this is a serious case,” said Bjorn Erik Thon, the authority’s director-general.

“Users were not able to exercise real and effective control over the sharing of their data.”

Grindr’s spokesman in Norway, Bjoern Richard Johansen, confirmed to broadcaster NRK that it had received a letter from regulators to notify it of the fine.

“Grindr is looking forward to entering into a dialogue with the Norwegian Data Protection Authority,” he told NRK, but said the company had no further comment.

Grindr has until February 15 to give feedback, which the watchdog will take into account for its final decision.

The privacy watchdog is still investigating five advertising technology companies that received data from Grindr, including one owned by Twitter called MoPub.