Logo and page links

Main menu

Do you want information about GDPR in English?

The European Commission has got information on the official website (ec.europa.eu):

  1. Find out what your organisation must do to comply with EU data protection rules and learn how you can help citizens exercising their rights under the regulation.
  2. Find out how your personal data is protected, the rights that help you take back control of your data and what to do if things go wrong.
Do you want information about GDPR in English?
Do you want information about GDPR in English?

Formal complaints against Grindr for breaches of GDPR

The online advertising industry is behind comprehensive illegal collection and indiscriminate use of personal data, research from the Norwegian Consumer Council claims. The Norwegian Consumer Council has now filed formal complaints against Grindr (a dating app for gay, bi, trans, and queer people) and companies that were receiving personal data through the app. The complaints are directed to the Norwegian Data Protection Authority.

Formal complaints against Grindr for breaches of GDPR

Do you wonder if you have to conduct a Data Protection Impact Assessment (DPIA)?

The Norwegian Data Protection Authority (Datatilsynet) has made public a list of processing activities that we consider likely to result in a high risk to the rights and freedoms of data subjects and that always will require a DPIA. Such an assessment must be carried out before the processing of personal data is initiated.

Do you wonder if you have to conduct a Data Protection Impact Assessment (DPIA)?

Software development with Data Protection by Design and by Default

The Norwegian Data Protection Authority has developed guidelines to help organisations understand and comply with the requirement of data protection by design and by default in article 25 of the General Data Protection Regulation.

We have among others cooperated with security professionals and software developers in public and private sector to create the guidelines.

Software development with Data Protection by Design and by Default

Administrative fine imposed on the Municipality of Oslo, the Education Agency

In October 2019, a fine of € 120 000 was imposed on the Municipality of Oslo, the Education Agency, as a result of poor security of processing in the ‘Skolemelding’ mobile app. The app is used for communication between school employees, parents and pupils.

The fine was issued because the municipality had not implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The following were key elements in the Data Protection Authority’s assessment:

  1. One of the intended uses of the app is for parents to send messages regarding their children and absence from school using a free-text field. This enables communication of special category personal data, such as health data, regarding the children. There are no technical measures to prevent this from happening, and no information is given within the app that such transmission should be avoided. In line with data protection by design and default, alternative measures such as drop-down lists and tick boxes are more appropriate.
  2. Poor app login security made it possible for unauthorised persons to access and alter personal data of more than 63 000 pupils in the first to tenth grade.
  3. As a consequence of inadequate security testing before the app was launched, the app contained well-known security vulnerabilities.

Previously, the Data Protection Authority notified its intent to impose a fine of € 200 000 in response to the findings above. However, in the final amount was reduced to € 120 000 as there were mitigating factors present in the case. The municipality implemented measures to limit the damages as soon as it was made aware of the security flaws, and it has shown willingness to resolve the issues.

You Decide

You Decide is a teaching resource about privacy and digital responsibility for children and young people aged 9-18 years. It's used in more than twenty countries.

All the content is available in English, and you are free to share and adapt the content in your country.

You Decide