The European Commission has got information on the official website (ec.europa.eu):
The online advertising industry is behind comprehensive illegal collection and indiscriminate use of personal data, research from the Norwegian Consumer Council claims. The Norwegian Consumer Council has now filed formal complaints against Grindr (a dating app for gay, bi, trans, and queer people) and companies that were receiving personal data through the app. The complaints are directed to the Norwegian Data Protection Authority.
The Norwegian Data Protection Authority (Datatilsynet) has made public a list of processing activities that we consider likely to result in a high risk to the rights and freedoms of data subjects and that always will require a DPIA. Such an assessment must be carried out before the processing of personal data is initiated.
The Norwegian Data Protection Authority has developed guidelines to help organisations understand and comply with the requirement of data protection by design and by default in article 25 of the General Data Protection Regulation.
We have among others cooperated with security professionals and software developers in public and private sector to create the guidelines.
In October 2019, a fine of € 120 000 was imposed on the Municipality of Oslo, the Education Agency, as a result of poor security of processing in the ‘Skolemelding’ mobile app. The app is used for communication between school employees, parents and pupils.
The fine was issued because the municipality had not implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The following were key elements in the Data Protection Authority’s assessment:
Previously, the Data Protection Authority notified its intent to impose a fine of € 200 000 in response to the findings above. However, in the final amount was reduced to € 120 000 as there were mitigating factors present in the case. The municipality implemented measures to limit the damages as soon as it was made aware of the security flaws, and it has shown willingness to resolve the issues.
You Decide is a teaching resource about privacy and digital responsibility for children and young people aged 9-18 years. It's used in more than twenty countries.
All the content is available in English, and you are free to share and adapt the content in your country.