Norwegian Parliament – €195,000 Fine (Norway, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Norway's data protection authority fined the Norwegian Parliament EUR 195,000 after a data breach exposed sensitive information like bank accounts and health data. The breach happened because the parliament didn't use enough security measures, such as two-factor authentication. This case highlights the importance of strong security practices to protect personal data.
What happened
The Norwegian Parliament suffered a data breach where unauthorized persons accessed email accounts and stole sensitive personal data.
Who was affected
Members of parliament and parliamentary administrative staff whose email accounts were compromised.
What the authority found
The Norwegian DPA found that the parliament failed to implement adequate security measures, violating GDPR's requirements for data protection.
Why this matters
This fine emphasizes the need for robust security measures, like two-factor authentication, to prevent data breaches. Organizations should regularly review and update their security protocols to protect sensitive information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Norwegian DPA has fined the Norwegian Parliament EUR195,000. The parliament had suffered a data breach in which unauthorized persons gained access to the email accounts of members of parliament and parliamentary administrative staff. The attackers had succeeded in siphoning off the data, including personal data on bank accounts, dates of birth and health-related data. During its investigation, the DPA found that the parliament did not incorporate sufficient security mechanisms, such as two-factor authentication, even though a risk analysis in 2020 had found that this posed a high privacy risk. For this reason, the DPA found that the parliamentary administration had not taken appropriate technical and organizational measures to achieve a sufficient level of security.
Related Enforcement Actions (0)
No other enforcement actions found for Norwegian Parliament in NO
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
4 March 2022
Authority
Datatilsynet (Norway)
Fine Amount
€195,000
Enforcement Tracker ID
ETid-1259
About this data
Cite as: Cookie Fines. Norwegian Parliament - Norway (2022). Retrieved from cookiefines.eu
Last updated: