Icelandic National Police – Violation Found (Iceland, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Icelandic National Police was investigated for using Facebook to request information, but no fine was imposed. The investigation focused on whether the police's data processing practices followed the law for law enforcement purposes. This case shows that even public authorities must adhere to strict data protection rules.
What happened
The Icelandic National Police used Facebook to request information, prompting an investigation into their data processing practices.
Who was affected
Individuals whose personal data may have been processed by the police through Facebook.
What the authority found
The Icelandic authority found that the police's data processing was generally permitted under the law, provided it followed specific legal provisions.
Why this matters
This case illustrates that public authorities must comply with data protection laws, even when using social media. It serves as a reminder for all organizations to ensure lawful data processing.
GDPR Articles Cited
National Law Articles
On the occasion of a news report, the office of the chief of police in the capital area requested information and suggestions via the social media Facebook. Following this event, the DPA started an investigation into whether such processing complied with Act no. 75/2019 on the processing of personal data for law enforcement purposes. The DPA asked the office questions concerning processing data via Facebook by the police and then considered received answers. The DPA held that all processing of personal data for law enforcement purposes must comply with the principles set out in Article 4. Act no. 75/2019. It states that in the processing of personal data for law enforcement purposes, care shall be taken to ensure that it is processed in a lawful and fair manner, that the processing is necessary for the competent authority for law enforcement purposes, that information is obtained for clearly stated, lawful and objective purposes and not further processed. In addition, the processing of sensitive personal data must comply with one of the additional conditions of the first paragraph, following Article 6 Act no. 75/2019. As such, personal information was processed in accordance with the role of the police according to the second paragraph of Article 1 Police Act no. 90/1996. The police keeps a register of complaints they receive about crimes with all the necessary information concerning cases, a diary with information about complaints and their resolution, a list of arrested persons and other files necessary for law enforcement interests to avert imminent danger or deterrence. we commit crimes. In view of the above, the DPA considered that the processing of personal information for the purpose in question is generally permitted, provided that it is carried out in accordance with the provisions of the previously cited law. At the same time, however, the DPA considered Article 14 of Act no. 75/2019, which states that the storage of personal information should be in a
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Icelandic National Police in IS
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Icelandic National Police - Iceland (2021). Retrieved from cookiefines.eu
Last updated: