Protection of privacy

  • Protection of privacy, Technology and IT Law

    2019

    GDPR, information security and the importance of carrying out "proper due diligence"

    ICO issues statements of intention to fine British Airways and Marriott.

  • Protection of privacy, Technology and IT Law

    2019

    Administrative fines for breach of the privacy by design principle and of the duty to ensure information security in the GDPR

    Two of Norway’s largest municipalities were found to be in breach of the General Data Protection Regulation (GDPR) in two separate and unrelated cases each of which involved the use of technology in the municipalities’ schools.

  • Protection of privacy, Technology and IT Law

    2019

    Google and Apple asked to provide better information on the use of personal data

    A recent initiative co-ordinated by the Norwegian and Dutch consumer associations has asked Google and Apple to respectively provide better information to their users.

  • Protection of privacy, Technology and IT Law

    2019

    The UK prepares for Data Protection after Brexit: Two New Regulations

    When the UK leaves the EU, the General Data Protection Regulation (GDPR) will no longer be directly applicable in the UK. Two new sets of regulations have therefore been recently promulgated by the British Parliament to retain, as much as possible, the status quo and are meant to come into effect upon the UK's withdrawal from the EU. Both sets of regulations were issued pursuant to the UK's European Union (Withdrawal) Act 2018.

  • Protection of privacy, Technology and IT Law

    2019

    Two recent decisions of the Norwegian Privacy Appeals Board

    The Norwegian Data Protection Authority (NDPA) has a broad set of powers, including the power to deliver warnings, reprimands or impose fines on data controllers and processors for non-compliance with the new Personal Data Act and the GDPR. As the new Personal Data Act and the GDPR only recently came into force, there are not yet many decisions based on the new legal regime. However, some of the recent NDPA decisions were appealed to the Privacy Appeals Board (PAB) and the appeal decisions have referred to the new legislation. Two such recent decisions respectively concern the data subject's right to object to processing and the right to erasure.

  • Protection of privacy, Teknologi og IT-rett

    2019

    List of processing operations where a DPIA is always required

    The Norwegian Data Protection Authority has recently published a list of processing operations that shall always require a data protection impact assessment (DPIA) pursuant to article 35(4) of the General Data Protection Regulation (GDPR).

  • Protection of privacy, Technology and IT Law

    2018

    Complaints against Google by consumer organisations for breach of GDPR

    On 27th November 2018, the Norwegian Consumer Council and consumer organizations from six other European countries – the Netherlands, Sweden, Greece, Poland, Slovenia and the Czech Republic – each filed a complaint against Google with their respective data protection authority.

  • Protection of privacy, Teknologi og IT-rett

    2018

    Identification and mapping of processing activities (Part 1)

    With less than a year until the General Data Protection Regulation (GDPR) enters into application, many companies are investigating the extent to which they are compliant as well as identifying what tasks need to be performed to enable them to become compliant by then.

  • Protection of privacy, Technology and IT Law

    2018

    Implementing the GDPR in Norway

    The General Data Protection Regulation (GDPR) starts to apply within the European Union (EU) from 25th May 2018. Since the GDPR is an EU regulation, it will have direct applicability and direct effect in all EU member states as from that date. Norway, however, is not an EU member state but a member of the European Economic Area (EEA) and a different procedure therefore applies before the GDPR can become part of Norwegian law.

  • Protection of privacy, Teknologi og IT-rett

    2018

    Identification and mapping of processing activities (Part 2)

    In the first part of this article, we examined the controller's obligation to keep records of processing activities pursuant to Article 30 of the GDPR. In this second part, we focus on the data processor's obligations to keep such records.

  • Protection of privacy, Technology and IT Law

    2018

    The WP29 Opinion 2/2017 on data processing at work

    Article 29 Working Party (WP 29), consisting of data protection authorities from all EU and EEA states and the European DP Supervisor, has recently issued an Opinion 2/2017 on data processing at work ("the Opinion").

  • Protection of privacy, Technology and IT Law

    2018

    Fintech and Privacy

    On 7th February 2018, the Norwegian Data Protection Authority ("DPA") published a report which examines the challenges that the revised Payment Services Directive (PSD2) pose for privacy.