Datatilsynet (Norway)- 20/02254: Difference between revisions

From GDPRhub
(Created page with "{{DPAdecisionBOX |Jurisdiction=Norway |DPA-BG-Color= |DPAlogo=LogoNO.png |DPA_Abbrevation=Datatilsynet |DPA_With_Country=Datatilsynet (Norway) |Case_Number_Name= 20/02254-1...")
 
mNo edit summary
Line 58: Line 58:
}}
}}


The Norwegian Privacy Appeals Board (Personvernrådet) rejected OpenX' complaint and upheld the Norwegian data protection authority's (Datatilsynet) request for information as submitted to OpenX on 21 February 2020.
In a case at the intersection of telecommunications law and data protection, the Norwegian Privacy Appeals Board (Personvernrådet) upheld the Norwegian DPA's (Datatilsynet) request for information to OpenX.


== English Summary ==
==English Summary==


=== Facts ===
===Facts===
The Norwegian Consumer Council (Forbrukerrådet) filed three complaints against the gay/bi dating app Grindr and five adtech companies that received personal data through the app. Subsequently, Datatilsynet sent a request for more information from one of the adtech companies; OpenX.  
The Norwegian Consumer Council (Forbrukerrådet) filed three complaints against the gay/bi dating app Grindr and five adtech companies that received personal data through the app. Subsequently, Datatilsynet sent a request for more information from one of the adtech companies; OpenX.  


OpenX refused to respond on the basis that Datatilsynet don't have legal grounds to impose such a request on them, because, in their opinion, the issue relates to the Electronic Communications Act § 2(7)(b) (cf. Article 5(3) ePrivacy Directive 2002/58/EC), where the Norwegian Communications Authority is the right supervisory authority (and not Datatilsynet), and filed a complaint to the Privacy Appeals Board.
OpenX refused to respond on the basis that Datatilsynet don't have legal grounds to impose such a request on them, because, in their opinion, the issue relates to the Electronic Communications Act § 2(7)(b) (cf. Article 5(3) ePrivacy Directive 2002/58/EC), where the Norwegian Communications Authority is the right supervisory authority (and not Datatilsynet), and filed a complaint to the Privacy Appeals Board.


=== Dispute ===
===Dispute===
Do Datatilsynet have the legal grounds (as a supervisory authority) to impose a request for information on OpenX?
Does the Datatilsynet have the legal grounds (as a supervisory authority) to impose a request for information on OpenX?


=== Holding ===
===Holding===
The Privacy Appeals Board rejected OpenX's complaint as they concluded that Datatilsynet have legal grounds to impose such requests as per Article 58(1) GDPR.
The Privacy Appeals Board rejected OpenX's complaint as they concluded that Datatilsynet has legal grounds to impose such requests for information as per Article 58(1) GDPR.


== Comment ==
==Comment==
Note that this decision doesn't revolve around the initial complaints submitted by the Norwegian Consumer Council (Forbrukerrådet) or Datatilsynet view on the matters of the complaints. This matter is solely about Datatilsynet's legal grounds to impose a request for information from a data controller, data processor or their representative.
Note that this decision doesn't revolve around the initial complaints submitted by the Norwegian Consumer Council (Forbrukerrådet) or Datatilsynet view on the matters of the complaints. This matter is solely about Datatilsynet's legal grounds to impose a request for information from a data controller, data processor or their representative.


== Further Resources ==
==Further Resources==
''Share blogs or news articles here!''
''Share blogs or news articles here!''


== English Machine Translation of the Decision ==
==English Machine Translation of the Decision==
The decision below is a machine translation of the Norwegian original. Please refer to the Norwegian original for more details.
The decision below is a machine translation of the Norwegian original. Please refer to the Norwegian original for more details.



Revision as of 15:52, 23 October 2020

Datatilsynet - 20/02254-1 (20/00768)/TSM
LogoNO.png
Authority: Datatilsynet (Norway)
Jurisdiction: Norway
Relevant Law: Article 57(1)(a) GDPR
Article 57(1)(f) GDPR
Article 58(1) GDPR
Article 5(3) ePrivacy Directive 2002/58/EC
Public Administration Act § 14
The Electronic Communications Act § 2(7)(b)
Type: Complaint
Outcome: Rejected
Started:
Decided: 07.09.2020
Published: 07.09.2020
Fine: None
Parties: OpenX Software Ltd., OpenX Ltd. og OpenX Technologies, Inc.
Privacy Appeals Board
Datatilsynet
National Case Number/Name: 20/02254-1 (20/00768)/TSM
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Norwegian
Original Source: Personvernnemda (in NO)
Initial Contributor: Rie Aleksandra Walle

In a case at the intersection of telecommunications law and data protection, the Norwegian Privacy Appeals Board (Personvernrådet) upheld the Norwegian DPA's (Datatilsynet) request for information to OpenX.

English Summary

Facts

The Norwegian Consumer Council (Forbrukerrådet) filed three complaints against the gay/bi dating app Grindr and five adtech companies that received personal data through the app. Subsequently, Datatilsynet sent a request for more information from one of the adtech companies; OpenX.

OpenX refused to respond on the basis that Datatilsynet don't have legal grounds to impose such a request on them, because, in their opinion, the issue relates to the Electronic Communications Act § 2(7)(b) (cf. Article 5(3) ePrivacy Directive 2002/58/EC), where the Norwegian Communications Authority is the right supervisory authority (and not Datatilsynet), and filed a complaint to the Privacy Appeals Board.

Dispute

Does the Datatilsynet have the legal grounds (as a supervisory authority) to impose a request for information on OpenX?

Holding

The Privacy Appeals Board rejected OpenX's complaint as they concluded that Datatilsynet has legal grounds to impose such requests for information as per Article 58(1) GDPR.

Comment

Note that this decision doesn't revolve around the initial complaints submitted by the Norwegian Consumer Council (Forbrukerrådet) or Datatilsynet view on the matters of the complaints. This matter is solely about Datatilsynet's legal grounds to impose a request for information from a data controller, data processor or their representative.

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Norwegian original. Please refer to the Norwegian original for more details.