Kristiansand Municipality – €21,750 Fine (Norway, 2025)

Following media reports about the use of invasive tracking tools on website, DPA investigated www.116111.no. The website is a help line for abused minors operated by the Kristiansand Municipality (the controller). The investigation found 17 cookies on the website along with Meta and Snap pixels. A pixel is a tracking tool attached to the website that directly sends user’s data to its operator. The DPA decided to limit its investigation to the use of the pixels. At the time of the investigation, the controller’s privacy policy did not mention the cookies and the pixels. The privacy policy was later amended to list cookies and tracking pixels more completely. However, the new privacy policy still failed to specify the legal basis for processing personal data, and the categories of data processed via the trackers. The DPA fined the controller 250,000 NOK (€21,600) for processing personal data via the Snap and Meta pixels without a lawful basis. The DPA clarified that it did not issue an injunction to remove the trackers because the controller already did so at the time of the decision. = The DPA fist established that the municipality was a data controller for the pixels as per Article 4(7) GDPR as it operated the website, integrated the tracking tools and determined the purpose of processing (i.e.: to measure the reach of its media campaign). In this regard, the DPA clarified that it was not relevant that the municipality had no access to the data processed via the pixels. On this point, the DPA referred to the Fashion ID ruling of the CJEUCJEU, case C-40/17, Fashion ID, 29 July 2019 (available here).. = Third party pixel collected personal information including unique user IDs, IP addresses, and device fingerprints which could be used as identifiers by Meta and Snap. For this reasons, the DPA held the pixels collected personal data, contrary to what the controller’s privacy policy stated. The DPA then assess whether the controller could rely on a legal basis for