Norwegian DPA upholds prohibition of data collection through contact-tracing app
The Norwegian Data Protection Authority (DPA) issued a new prohibition on the collection of location data by the Norwegian National Health Authority (Folkehelseinstituttet, FHI) using the Norwegian COVID-19 contact-tracing app Smittestop.
The Norwegian DPA confirmed its original decision, stating that ‘Smittestopp has not constituted a proportional invasion of the individual user’s right to privacy.’ The DPA cited, as the reasons for the disproportionate invasion into privacy, the low community spread of the Coronavirus in Norway, the invasive nature of the central collection of data, and the low number of users of the app, preventing effective tracing of contacts. For Norway to update the current contact-tracing app or launch a new one, apps would have to comply with this prohibition, as well as the Norwegian privacy protection framework before launching it for public use.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.