Protection of privacy

  • Teknologi og IT-rett, Personvern, Korona

    2020

    COVID-19 and Data Protection

    The Norwegian and three other European data protection supervisory authorities on employers' collection and disclosure of employee data.

  • Protection of privacy, Technology and IT Law

    2019

    GDPR, information security and the importance of carrying out "proper due diligence"

    ICO issues statements of intention to fine British Airways and Marriott.

  • Protection of privacy, Technology and IT Law

    2019

    Administrative fines for breach of the privacy by design principle and of the duty to ensure information security in the GDPR

    Two of Norway’s largest municipalities were found to be in breach of the General Data Protection Regulation (GDPR) in two separate and unrelated cases each of which involved the use of technology in the municipalities’ schools.

  • Personvern, Teknologi og IT-rett

    2019

    Google og Apple er bedt om å gi bedre informasjon om bruken av personopplysninger

  • Personvern, Teknologi og IT-rett

    2019

    Storbritannia forbereder seg på personvern etter Brexit: To nye forskrifter

    Når Storbritannia forlater EU, vil Personvernforordningen (GDPR) ikke lenger gjelde direkte i Storbritannia. To nye forskrifter har derfor nylig blitt kunngjort av det britiske parlamentet for i så stor grad som mulig å kunne beholde status quo og er ment å skulle tre i kraft når Storbritannia trer ut av EU. Begge forskriftene ble utgitt i henhold til Storbritannias European Union (Withdrawal) Act 2018.

  • Protection of privacy, Technology and IT Law

    2019

    Two recent decisions of the Norwegian Privacy Appeals Board

    The Norwegian Data Protection Authority (NDPA) has a broad set of powers, including the power to deliver warnings, reprimands or impose fines on data controllers and processors for non-compliance with the new Personal Data Act and the GDPR. As the new Personal Data Act and the GDPR only recently came into force, there are not yet many decisions based on the new legal regime. However, some of the recent NDPA decisions were appealed to the Privacy Appeals Board (PAB) and the appeal decisions have referred to the new legislation. Two such recent decisions respectively concern the data subject's right to object to processing and the right to erasure.

  • Protection of privacy, Teknologi og IT-rett

    2019

    List of processing operations where a DPIA is always required

    The Norwegian Data Protection Authority has recently published a list of processing operations that shall always require a data protection impact assessment (DPIA) pursuant to article 35(4) of the General Data Protection Regulation (GDPR).

  • Protection of privacy, Technology and IT Law

    2018

    Complaints against Google by consumer organisations for breach of GDPR

    On 27th November 2018, the Norwegian Consumer Council and consumer organizations from six other European countries – the Netherlands, Sweden, Greece, Poland, Slovenia and the Czech Republic – each filed a complaint against Google with their respective data protection authority.

  • Personvern, Teknologi og IT-rett

    2018

    The WP29 Opinion 2/2017 on data processing at work

    Article 29 Working Party (WP 29), consisting of data protection authorities from all EU and EEA states and the European DP Supervisor, has recently issued an Opinion 2/2017 on data processing at work ("the Opinion").

  • Personvern, Teknologi og IT-rett

    2018

    Identification and mapping of processing activities (Part 2)

    In the first part of this article, we examined the controller's obligation to keep records of processing activities pursuant to Article 30 of the GDPR. In this second part, we focus on the data processor's obligations to keep such records.

  • Personvern, Teknologi og IT-rett

    2018

    Identification and mapping of processing activities (Part 1)

    With less than a year until the General Data Protection Regulation (GDPR) enters into application, many companies are investigating the extent to which they are compliant as well as identifying what tasks need to be performed to enable them to become compliant by then.

  • Personvern, Teknologi og IT-rett

    2018

    Implementing the GDPR in Norway

    The General Data Protection Regulation (GDPR) starts to apply within the European Union (EU) from 25th May 2018. Since the GDPR is an EU regulation, it will have direct applicability and direct effect in all EU member states as from that date. Norway, however, is not an EU member state but a member of the European Economic Area (EEA) and a different procedure therefore applies before the GDPR can become part of Norwegian law.

  • Protection of privacy, Technology and IT Law

    2018

    Fintech and Privacy

    On 7th February 2018, the Norwegian Data Protection Authority ("DPA") published a report which examines the challenges that the revised Payment Services Directive (PSD2) pose for privacy.