-
The Norwegian Data Protection Authority has issued an advance notification of a ban on processing personal data by the browser extension «Shinigami Eyes», as the processing does not have a legal basis and insufficient information is provided to the data subjects.
-
The Norwegian Data Protection Authority has fined Ultra-Technology AS NOK 125,000 (EUR 12,500) for performing a credit rating on a private individual without any legal basis.
-
The Norwegian Data Protection Authority has decided to fine St. Olavs Hospital NOK 750,000 (EUR 75,000) due to a lack of access management concerning folder areas outside patient records.
-
The Norwegian Data Protection Authority has decided to fine Høylandet municipality NOK 400,000 (EUR 40,000). Image files containing health data about people with no connection to the municipality were accessible to staff at the health clinic.
-
The Norwegian Data Protection Authority has fined the Norwegian toll company Ferde NOK 5 million. Among other things, the company allegedly unlawfully transferred personal data about Norwegian motorists to China.
-
What are the privacy risks associated with communicating through a Page on Facebook? And what kind of responsibility for the processing of personal data may we have as the owner of a Page? We have carried out a risk assessment and a DPIA of Facebook, based on the obligations that follow from data protection regulations.
-
The Norwegian Data Protection Authority has issued a fine in the amount of NOK 50,000.
-
The Norwegian Data Protection Authority has reprimanded an enterprise for breach of the General Data Protection Regulation’s (GDPR) requirements concerning information about and access to one’s own personal data.
-
The Norwegian Data Protection Authority has fined Waxing Palace AS NOK 100,000. The enterprise operates a waxing salon, and their CCTV monitoring of the reception area has been found to be in breach of the General Data Protection Regulation (GDPR).
-
Are you struggling with privacy regulations related to artificial intelligence? In a way, the DPA does the same. Because in such a recent field, there is little case law to refer to. The technology is at the forefront of law. But the Data Protection Authority's sandbox for responsible artificial intelligence can provide mutual help.
-
The Norwegian Data Protection Authority has imposed a NOK 500,000 fine on Moss Municipal Council for failing to adequately protect personal data. The error has been corrected and the case closed.
-
The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries.
-
The Norwegian Data Protection Authority has fined Innovation Norway EUR 100,000 (NOK 1,000,000). The matter concerns a credit rating without a legal basis for processing.
-
The Norwegian Data Protection Authority has ordered the company Smartere Utdanning AS to improve its solution for obtaining consent in order to comply with the requirements of the General Data Protection Regulation (GDPR).
-
The Norwegian Data Protection Authority has fined BRAbank EUR 40,000 (NOK 400,000) for violation of the General Data Protection Regulation (GDPR). This case concerns insufficient risk assessment and testing in connection with the launch of a customer portal for banking services.
-
The background for this case is a complaint from a former employee who discovered that their former employer had accessed their e-mail account.
-
Datatilsynet has received multiple complaints against the browser extension «Shinigami Eyes», available for Chrome and Firefox. We have sent an order to provide information to the developer.
-
The Norwegian Data Protection Authority has fined the Municipality of Oslo EUR 40,000 (NOK 400,000) for making documents containing sensitive personal data public.
-
The Norwegian Data Protection Authority has fined the Norwegian Confederation of Sport (NIF) EUR 125,000 (NOK 1,250,000) for a GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for 87 days as a result of an error in connection with testing of a cloud computing solution.
-
The Norwegian Data Protection Authority has fined Basaren Drift AS EUR 20,000 (NOK 200,000) for a GDPR violation. The case relates to CCTV surveillance of restaurant premises.
-
The Norwegian Data Protection Authority has fined Asker municipality EUR 100,000 (NOK 1,000,000). The Municipality was fined for publishing confidential personal data and National Identity Numbers (NID) on its website.
-
The Norwegian Data Protection Authority has fined the company Miljø- og Kvalitetsledelse AS EUR 3,500 (NOK 35,000) for illegal distribution of personal data from camera recordings.
-
The Norwegian Data Protection Agency has fined the power company Dragefossen AS EUR 15,000 (NOK 150,000). The fine was imposed after the company put the city centre of Rognan under CCTV surveillance and live-streamed the images without legal basis.
-
The Norwegian Data Protection Authority has fined Ålesund municipality EUR 5,000 (NOK 50,000) for its use of the fitness app Strava.
-
A business has been fined EUR 25,000 (NOK 250,000) for illegal forwarding of an employee's e-mails. The name of the business has been withheld from public disclosure to protect the identities of its employees.
-
The Norwegian Data Protection Authority has fined an organization EUR 40 000 (NOK 400,000) for unlawfully setting up automatic forwarding of an employee’s e-mails.
-
The Norwegian Data Protection Authority has fined Cyberbook AS EUR 20 000 (NOK 200,000) for unlawfully setting up the automatic forwarding of a former employee’s e-mails.
-
The Norwegian Data Protection Authority has fined Aquateknikk AS EUR 10,000 (NOK 100,000) for having performed a credit rating on a private individual without legal basis.
-
The Norwegian Data Protection Authority has issued a fine in the amount of EUR 40 000 (NOK 400,000) to Coop Finnmark AS. The case concerns unlawful distribution of a camera recording from a shop.
-
The Norwegian Data Protection Authority has fined Gveik AS EUR 7 500 (NOK 75,000) for having conducted a credit rating without a legal basis.
-
The Norwegian Data Protection Authority has notified Disqus Inc. (Disqus) that we intend to issue an administrative fine of NOK 25 000 000 for not complying with the GDPR rules on accountability, lawfulness, and transparency.
-
The Data Protection Authority have chosen the first four projects that will participate in the regulatory sandbox for responsible artificial intelligence. In the sandbox, they will explore a regulatory challenging terrain.
-
The Norwegian Data Protection Authority has decided to issue a fine of EUR 10 000 (NOK 100,000) to Lindstrand Trading AS for conducting a total of four credit ratings of individuals and sole proprietorships without a legal basis.
-
The Norwegian Data Protection Authority have issued a reprimand to Telenor Norge AS for inadequate protection of personal data in its voicemail function, and for failing to submit a data breach notification to the Norwegian Data Protection Authority.
-
The Norwegian Data Protection Authority has fined the Municipality of Indre Østfold EUR 20 000 (NOK 200,000) for a confidentiality violation. Personal data that should have been restricted was available to unauthorized persons.
-
The Norwegian Data Protection Authority has notified Grindr LLC (Grindr) that we intend to issue an administrative fine of NOK 100 000 000 for not complying with the GDPR rules on consent.
-
- It is exciting to see all the AI innovation going on in Norway, and that there is a strong desire to protect privacy, says Kari Laumann. She is the project manager for the Data Protection Authority's recent offer, a regulatory sandbox for responsible artificial intelligence.
-
The Norwegian Data Protection Authority has given the Norwegian Customs a final decision on an administrative fine of NOK 400,000. The fine has been adjusted downwards in relation to the notice given in 2019. The case concerns the collection and use of information from cameras without legal basis.