The Norwegian Data Protection Authority believes the Stavanger Labor Party has breached the privacy act – news Rogaland – Local news, TV and radio

– Of course we must follow what they say. At the same time, we must read the letter carefully, and see if there is something we agree or disagree with, says Dag Mossige, group leader in the Stavanger Labor Party. The Norwegian Data Protection Authority has this week sent a preliminary notice of reprimand to the Stavanger Labor Party after they have dealt with the case that the party sent out e-mails with political content last year. What at the time were the incumbent majority parties in Stavanger (Ap, Folkets Parti, MDG, Rødt, Sp and SV) sent e-mails through the domain rodgrontstavanger.no with content that could be perceived as political advertising. Excerpt from the e-mail that was sent out. Photo: Screenshot Reprimand is one of the forms of reaction that the privacy regulations have. – It is a finding that you have done something that is not right, and that we are reacting to it. It will be a kind of finding that the regulations were not followed, says head of section Camilla Nervik in the section for public services in the Norwegian Data Protection Authority. Head of section Camilla Nervik in the section for public services in the Norwegian Data Protection Authority. Photo: Ilja C. Hendel The warning concerns a reprimand for two matters. – One is that they have not given the information they should to the registered parents. The second relates to the assessments they made when they came to the conclusion that they had a legal basis or authority to send out those e-mails, says Nervik. Stavanger Aftenblad and VG mentioned the case first. Haven’t familiarized myself with the notice yet – If we agree that it is justified, we will take it into consideration and make sure we do it right next time, says Mossige. Dag Mossige, group leader in the Stavanger Labor Party. Photo: Øystein Otterdal / Øystein Otterdal Sissel Beate Fuglestad, leader of the Stavanger Labor Party, points out that they have not thoroughly familiarized themselves with the notice yet. The deadline for responses is 23 August. – Now it is a notice of their assessment so far. If they decide that they want to give us a reprimand, then we will follow it up and change our routines going forward, says Sissel Beate Fuglestad, leader of the Stavanger Labor Party. – But my immediate thought is that I have no reason to disagree with the Norwegian Data Protection Authority in these assessments. The hail of criticism Stavanger Arbeiderparti asked for access to the contact information of relevant parents from Stavanger municipality, and got it. There was a hail of criticism when the email was sent out, including from parents who received it, and the parties in opposition. Photo: Mathias Oppedal / news – It has been a case that people consider important, and it has had great interest among those affected, says Nervik. In addition to eight complaints from individuals, several inquiries have been made to the Norwegian Data Protection Authority’s tip database. Privacy expert Malgorzata Agnieszka Cyndecka believed that the political stunt could be illegal when it first became known. She is an associate professor at the University of Bergen. Øyvind Jacobsen, who was a political adviser in the Stavanger Labor Party when the e-mail was sent, stated to news last summer that they had made the necessary legal assessments. The Norwegian Data Protection Authority has now sent a notice to the party asking for an explanation. Extract from the Act on the processing of personal data Article 6. Legality of the processing 1. The processing is only legal if and to the extent that at least one of the following conditions is met: a. the data subject has consented to the processing of his personal data for one or more specific purposes, b .the processing is necessary to fulfill an agreement to which the data subject is a party, or to implement measures at the data subject’s request before entering into an agreement, c.the processing is necessary to fulfill a legal obligation incumbent on the controller, d.the processing is necessary to protect the vital interests of the data subject or another natural person, e. the processing is necessary to carry out a task in the public interest or to exercise public authority to which the controller is required, f. the processing is necessary for purposes related to the legitimate interests being pursued by the controller or a third party, unless the data subject’s interests or fundamental rights and freedoms take precedence and require the protection of personal data, particularly if the data subject is a child. Source: Statutory data Published 23.07.2024, at 21.16 Updated 23.07.2024, at 21.27



ttn-69