Datatilsynet - 20/02254 (PVN-2020-12)

From GDPRhub
Revision as of 15:52, 23 October 2020 by Cp (talk | contribs)
Datatilsynet - 20/02254-1 (20/00768)/TSM
LogoNO.png
Authority: Datatilsynet (Norway)
Jurisdiction: Norway
Relevant Law: Article 57(1)(a) GDPR
Article 57(1)(f) GDPR
Article 58(1) GDPR
Article 5(3) ePrivacy Directive 2002/58/EC
Public Administration Act § 14
The Electronic Communications Act § 2(7)(b)
Type: Complaint
Outcome: Rejected
Decided: 07.09.2020
Published: 07.09.2020
Fine: None
Parties: OpenX Software Ltd., OpenX Ltd. og OpenX Technologies, Inc.
Privacy Appeals Board
Datatilsynet
National Case Number/Name: 20/02254-1 (20/00768)/TSM
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Norwegian
Original Source: Personvernnemda (in NO)
Initial Contributor: Rie Aleksandra Walle

In a case at the intersection of telecommunications law and data protection, the Norwegian Privacy Appeals Board (Personvernrådet) upheld the Norwegian DPA's (Datatilsynet) request for information to OpenX.

English Summary

Facts

The Norwegian Consumer Council (Forbrukerrådet) filed three complaints against the gay/bi dating app Grindr and five adtech companies that received personal data through the app. Subsequently, Datatilsynet sent a request for more information from one of the adtech companies; OpenX.

OpenX refused to respond on the basis that Datatilsynet don't have legal grounds to impose such a request on them, because, in their opinion, the issue relates to the Electronic Communications Act § 2(7)(b) (cf. Article 5(3) ePrivacy Directive 2002/58/EC), where the Norwegian Communications Authority is the right supervisory authority (and not Datatilsynet), and filed a complaint to the Privacy Appeals Board.

Dispute

Does the Datatilsynet have the legal grounds (as a supervisory authority) to impose a request for information on OpenX?

Holding

The Privacy Appeals Board rejected OpenX's complaint as they concluded that Datatilsynet has legal grounds to impose such requests for information as per Article 58(1) GDPR.

Comment

Note that this decision doesn't revolve around the initial complaints submitted by the Norwegian Consumer Council (Forbrukerrådet) or Datatilsynet view on the matters of the complaints. This matter is solely about Datatilsynet's legal grounds to impose a request for information from a data controller, data processor or their representative.

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Norwegian original. Please refer to the Norwegian original for more details.