-
The Norwegian Data Protection Authority has decided to fine the Norwegian Public Service Pension Fund (SPK) NOK 1 million. The background for the decision is that SPK has collected unnecessary income data on approximately 24,000 individuals.
-
The Norwegian Data Protection Authority has issued an advance notification of a ban on processing personal data by the browser extension «Shinigami Eyes», as the processing does not have a legal basis and insufficient information is provided to the data subjects.
-
The Norwegian Data Protection Authority has fined Ultra-Technology AS NOK 125,000 (EUR 12,500) for performing a credit rating on a private individual without any legal basis.
-
The Norwegian Data Protection Authority has decided to fine St. Olavs Hospital NOK 750,000 (EUR 75,000) due to a lack of access management concerning folder areas outside patient records.
-
The Norwegian Data Protection Authority has decided to fine Høylandet municipality NOK 400,000 (EUR 40,000). Image files containing health data about people with no connection to the municipality were accessible to staff at the health clinic.
-
The Norwegian Data Protection Authority has fined the Norwegian toll company Ferde NOK 5 million. Among other things, the company allegedly unlawfully transferred personal data about Norwegian motorists to China.
-
What are the privacy risks associated with communicating through a Page on Facebook? And what kind of responsibility for the processing of personal data may we have as the owner of a Page? We have carried out a risk assessment and a DPIA of Facebook, based on the obligations that follow from data protection regulations.
-
The Norwegian Data Protection Authority has issued a fine in the amount of NOK 50,000.
-
The Norwegian Data Protection Authority has reprimanded an enterprise for breach of the General Data Protection Regulation’s (GDPR) requirements concerning information about and access to one’s own personal data.
-
The Norwegian Data Protection Authority has fined Waxing Palace AS NOK 100,000. The enterprise operates a waxing salon, and their CCTV monitoring of the reception area has been found to be in breach of the General Data Protection Regulation (GDPR).
-
Are you struggling with privacy regulations related to artificial intelligence? In a way, the DPA does the same. Because in such a recent field, there is little case law to refer to. The technology is at the forefront of law. But the Data Protection Authority's sandbox for responsible artificial intelligence can provide mutual help.
-
The Norwegian Data Protection Authority has imposed a NOK 500,000 fine on Moss Municipal Council for failing to adequately protect personal data. The error has been corrected and the case closed.
-
The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries.
-
The Norwegian Data Protection Authority has fined Innovation Norway EUR 100,000 (NOK 1,000,000). The matter concerns a credit rating without a legal basis for processing.
-
The Norwegian Data Protection Authority has ordered the company Smartere Utdanning AS to improve its solution for obtaining consent in order to comply with the requirements of the General Data Protection Regulation (GDPR).
-
The Norwegian Data Protection Authority has fined BRAbank EUR 40,000 (NOK 400,000) for violation of the General Data Protection Regulation (GDPR). This case concerns insufficient risk assessment and testing in connection with the launch of a customer portal for banking services.
-
The background for this case is a complaint from a former employee who discovered that their former employer had accessed their e-mail account.
-
Datatilsynet has received multiple complaints against the browser extension «Shinigami Eyes», available for Chrome and Firefox. We have sent an order to provide information to the developer.
-
The Norwegian Data Protection Authority has fined the Municipality of Oslo EUR 40,000 (NOK 400,000) for making documents containing sensitive personal data public.
-
The Norwegian Data Protection Authority has fined the Norwegian Confederation of Sport (NIF) EUR 125,000 (NOK 1,250,000) for a GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for 87 days as a result of an error in connection with testing of a cloud computing solution.