Norway

Norwegian University Fined for Weak Access Controls in Microsoft Teams

Norwegian University Fined for Weak Access Controls in Microsoft Teams

On 4 September 2024, the Norwegian Data Protection Authority imposed a fine of NOK 150,000 on the University of Agder (UiA) following a six-year-long breach of personal data security. UiA had been storing sensitive personal data in open Microsoft Teams folders without proper access controls, making this information available to unauthorized employees and students. Scope […]

Norwegian University Fined for Weak Access Controls in Microsoft Teams Read More »

On 18 June 2024, the Norwegian Data Protection Board ruled that the Norwegian Data Protection Authority (DPA) cannot impose daily fines on Meta for not complying with a ban on behavioral marketing on Facebook and Instagram. This decision challenges the DPA's authority under Norwegian law, which allows daily fines. The Board determined that such fines could only apply to Norwegian companies, not international ones. The ban on behavioral advertising remains, but the ruling raises concerns about enforcement disparities between domestic and international businesses.

The Norwegian Data Protection Authority cannot impose daily fines in cross-border cases

The European Data Protection Board published its final Guidelines on Article 37 of the Law Enforcement Directive (LED). These guidelines establish standards for appropriate safeguards in data transfers by competent authorities, focusing on legally binding instruments with third countries. Key points include selecting transfer mechanisms, evaluating transfer risks to data subjects, and maintaining enhanced accountability. The guidelines emphasize legal certainty and the necessity of ensuring equivalent data protection levels when personal data is transferred outside the EU.

The Norwegian Data Protection Authority cannot impose daily fines in cross-border cases Read More »

Scroll to Top