Logo and page links

Main menu

The scope of the Personal Data Act

Section 1-1. The Office of the Auditor General's processing of personal data

When the Office of the Auditor General processes personal data as part of its control activities, such processing shall be exempted from sections 18, 27, 31 and 33 of the Personal Data Act.

The Personal Data Act in its entirety shall apply to all other processing by the Office of the Auditor General.

Section 1-2. Personal data processing that is necessary in the interests of national security

Personal data processing that is necessary in the interests of national security or the security of allies, the relationship to foreign powers and other vital national security interests shall be exempted from section 44, first to third paragraphs, of the Personal Data Act, and from sections 31 and 33 of the Act.

Any disagreement between the data controller and the Data Protection Authority regarding the extent of the exemption shall be decided by the Privacy Appeals Board.

Section 1-3. Processing of personal data in the administration of justice, etc.

The Personal Data Act shall not apply to matters that are dealt with or decided pursuant to the Acts relating to administration of justice (the Courts of Justice Act, the Criminal Procedure Act, the Dispute Act and the Enforcement Act, etc.).

Amended by the Regulations of 23 December 2003 No. 1798 (in force from 1 January 2004). 5 June 2007 No. 1092 (in force from January 2008), 24 April 2008 No. 396 (ratification).

Section 1-4. Svalbard

The Personal Data Act and associated Regulations shall apply to data controllers who are established on Svalbard.

The Protection Authority may by individual decision grant dispensation from the individual provisions of the Personal Data Act if local conditions make this necessary.

Section 1-5. Jan Mayen

The Personal Data Act and associated Regulations shall apply to data controllers who are established on Jan Mayen.