Norwegian Labor and Welfare Administration – €1,700,000 Fine (Norway, 2023)

€1,700,000Datatilsynet (Norway)27 November 2023Norway
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Norwegian Labor and Welfare Administration (NAV) was fined €1.7 million for not securing personal data properly. The agency allowed too many employees access to sensitive information without adequate controls. This case serves as a reminder for all organizations to ensure they have strong data protection measures in place.

What happened

NAV did not implement appropriate technical and organizational measures to protect personal data.

Who was affected

Individuals in Norway whose personal data was accessed by NAV employees.

What the authority found

The Norwegian Data Protection Authority determined that NAV failed to secure personal data, violating GDPR's security requirements.

Why this matters

This case shows that organizations must prioritize data security to protect personal information. It encourages all businesses to assess their data protection strategies.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 24(1) GDPR
Art. 25(1) GDPR
Art. 32(1)(d) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 24(1) GDPR
Art. 25(1) GDPR
Art. 32(1)(d) GDPR
Art. 32(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
amount discrepancy
Norway enforcementDatatilsynet (Norway) actionsAll Norwegian Labor and Welfare Administration actions
Full Legal Summary
Detailed

The Norwegian DPA has imposed a fine of EUR 1.7 million on Arbeids- og velferdsetaten, the Norwegian Labor and Welfare Administration (NAV). During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data. For example, the IT systems were not adequately secured. In addition, an excessive number of employees had access to personal data, including very sensitive data in some cases. At the same time, the controller failed to carry out systematic controls regarding employee use of IT systems. In assessing the fine, the DPA considered the fact that the data had been handled insecurely over a long period of time.

Related Enforcement Actions (0)

No other enforcement actions found for Norwegian Labor and Welfare Administration in NO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 November 2023

Authority

Datatilsynet (Norway)

Fine Amount

€1,700,000

Enforcement Tracker ID

ETid-2136

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Norwegian Labor and Welfare Administration - Norway (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: