Datatilsynet (Norway)

From GDPRhub
Revision as of 13:50, 19 October 2020 by Cp (talk | contribs) (→‎Administrative)
Datatilsynet
LogoNO.png
Name: Datatilsynet
Abbreviation : Datatilsynet
Jurisdiction: Norway
Head: Bjørn Erik Thon
Deputy: n/a
Adress: Tollbugata 3

0152 Oslo

NORWAY

Webpage: datatilsynet.no
Email: postkasse@datatilsynet.no
Phone: +47 22 39 69 00
Twitter: @datatilsynet
Procedural Law: Public Administration Act (Forvaltningsloven) (in EN), Freedom of Information Act (Offentleglova) (in EN)
Decision Database: Important decisions (in NO)
Translated Decisions: Category:Datatilsynet (Norway)
Head Count: Approx. 50
Budget: n/a

The Norwegian Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Norway. It resides in Oslo and is in charge of enforcing GDPR in Norway.

Structure

Datatilsynet is an independent body set up in 1980. Administratively, Datatilsynet is subordinate to the Ministry of Local Government and Modernisation. Cases are usually assigned to an employee that is named on all documents by initials.

Datatilsynet is organized in a legal department, a department for technology, analysis and security, a communications department and an administrative department. The legal department is further organized in different sections.

Legal Department

Department for the enforcement of rules, international cooperation and sanctions

The department for the enforcement of rules, international cooperation and sanctions have the overarching responsibility for the legal development at Datatilsynet, as well as the international work, for instance with the EDPB.

The department have three different sections:

Section for public services

The section for public services have the main responsibility for police- and justice sector, immigration administration, the health sector, public administration and the school- and kindergarden sector.

Section for private services

The section for private services have the main responsibility for the banking and financing sector, privacy in the workplace, violations on the internet, camera surveillance, audio recordings and the like.

International Section

The international section have the main responsibility for the transfer of personal data to third-countries and international cooperation.

Department for technology, analysis and security

The department for technology, analysis and security have the overarching responsibility for digitalisation, carrying out supervisory tasks and the methodology in relation to this, security of processing, technical analysis, as well as strategic work. The department consist of a staff with security and technical experts, as well as a section for analysis, research and politics.

Procedural Information

Applicable Procedural Law

Datatilsynet is, like all other public bodies in Norway, bound by the Public Administrative Act of 1967 (Forvaltningsloven - fvl.) and the Freedom of Information Act of 2009 (Offentleglova).

Complaints Procedure under Art 77 GDPR

There are no formal requirements by law.

Datatilsynet required that a complainant had been in touch with the controller, as well as attaching proof of correspondence alongside the complaint.

Datatilsynet also required that the complaint contained:

  • The name of the controller
  • A description of the alleged breach
  • Legal claim and remedy
  • Contact information (name, phone number and postal address)

The practice of requiring complainants to fulfil certain obligations to file a complaint was stopped, as there are no basis under GDPR to impose such additional requirements.

Datatilsynet does not currently give any information about an e-mail address where the complaint can be sent, but informs that a solution for secure transmissions is being developed. The former e-mail address was postkasse@datatilsynet.no.

Read more on datatilsynet.no

Ex Officio Procedures under Art 57 GDPR

You can help us filling this section!

Appeals

Administrative

Decisions made by Datatilsynet can be appealed to Personvernnemda (PVN), an independent body tasked to handle such complaints.

Court

Decisions can also be appealed to the courts, starting in the first instance, tingretten.

Practical Information

You can help us filling this section!

Statistics

You can help us filling this section!

EU/EEA/UK Data Protection Authorities
Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland (Åland) · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain (Basque Country · Catalonia · AndalusiaSweden
Iceland · Liechtenstein · Norway · United Kingdom EDPS · EDPB