Logo and page links

Main menu

Credit information services

Section 4-1. Relationship to the Personal Data Act

The provisions of the Personal Data Act shall apply to the processing of personal data in credit information services unless these Regulations otherwise provide.

The Personal Data Act shall also apply to the processing of credit information relating to persons other than natural persons.

Section 4-2. Definition of a credit information service

For the purposes of this chapter, the term "credit information service" means activities which consist in providing information that throws light on creditworthiness or financial solvency (credit information). This chapter does not apply to the utilization of information within an enterprise, or in relation to enterprises within the same corporate group unless the information is provided by an enterprise operating a credit information service. Nor does it apply to the provision of information to another credit information enterprise to which this Act applies, provided that the information is to be utilized in this enterprise's own credit information service.

The following services are not regarded as credit information services:

a) notifications from public registers regarding rights in and charges on real or movable property,

b) notifications from banks, cf. the Norges Bank Act, the Norwegian State Housing Bank Act, the Savings Banks Act and the Commercial Banks Act, and from finance companies, cf. the Financial Institutions Act, in connection with withdrawals from accounts and the execution of payment services. The same applies when such notifications are transmitted for a bank or finance company by an outside enterprise,

c) notifications to the data subject,

d) the publication of publicly exhibited tax assessments pursuant to section 8-8 of the Tax Assessment Act,

e) the Brønnøysund registers' processing of registers required by statute (law).

f) notices from the Register of Mortgaged Moveable Property concerning registered attachments of earnings and proceedings indicating "no distrainable property".

Amended by the Regulations of 24 April 2008 No. 396, 9 August 2013 No. 970.

Section 4-3. Disclosure of credit information

Credit information may only be given to persons who have an objective need for it. Credit information shall be provided on a non-discriminatory basis to creditors from EEA states.

Credit information shall be provided in writing either by automatic means or in paper-based form. However, credit information may be given orally provided that it does not contain any data that can be cited against the data subject, or if the credit information must be given without delay for practical reasons. If credit information is given orally, the information and the applicant's name and address shall be recorded and kept on file for at least six months. If the information contains any data that can be cited against the data subject, it shall be confirmed in writing.

Credit information may be supplied by distribution of publications or lists, provided that the publication or list only contains data concerning business enterprises, and that the data is given in summary form. Such publications may only be given to persons who are members or subscribers of the credit information processor.

Agreements entailing that the applicant shall be given any information that comes to the knowledge of the credit information enterprise in the future may only be made in respect of information relating to business enterprises.

Amended by the Regulations of 7 May 2010 No. 654 (in force from 11 June 2010).

Section 4-4. Right of access of and information to the data subject

If credit information relating to natural persons is provided or confirmed in writing, the credit information enterprise shall at the same time send a duplicate, copy or other notification concerning the contents free of charge to the person about whom data has been requested. The data subject shall be invited to request that any errors be rectified.

The right of access of legal persons follows from section 18 of the Personal Data Act.

The data subject may also demand to be informed of what credit information has been provided about him in the last six months, to whom it was given and where it was obtained.

Section 4-5. Permission to operate a credit information service

An enterprise may not process personal data for credit information purposes until the Data Protection Authority has granted it a licence. The same applies to credit information for persons other than natural persons.

When deciding whether to grant a licence, sections 34 and 35 of the Personal Data Act shall apply. For enterprises over which foreign interests have a controlling influence, conditions may be laid down regarding the form of establishment and the composition of the company's management.

Section 4-6. Validity of licences granted in pursuance of the Personal Data Filing Systems Act.

Licences granted for personal data filing systems for use in a credit information service pursuant to section 9 of the Act of 9 June 1978 No. 48 on personal data filing systems, etc., shall apply as licences pursuant to section 4-5 of these Regulations, insofar as the licence is not contrary to the Personal Data Act.

Section 4-7. The authority of the Data Protection Authority

If special reasons so indicate, the Data Protection Authority may by individual decision exempt the data controller from obligations that follow from the provisions of this chapter.

Chapter 5 (Repealed)

Repealed by the Regulations of 5 June 2009 No. 598.