Redacted – Court Ruling (Norway, 2022)

Court Ruling
Datatilsynet (Norway)15 February 2022Norway
final
Court Ruling

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Norway's Privacy Appeals Board upheld a fine against a company for installing workplace cameras without telling employees. The Board found this violated GDPR rules about transparency and consent. This decision highlights the importance of informing employees about surveillance to avoid privacy breaches.

What happened

A company installed surveillance cameras in the workplace without informing employees or customers.

Who was affected

Employees and customers who were recorded by the workplace surveillance cameras.

What the authority found

The Board ruled that the company violated GDPR by not informing employees and customers about the surveillance, justifying the fine.

Why this matters

This ruling emphasizes the need for companies to communicate clearly about surveillance practices. Businesses should ensure they have proper signage and inform all affected parties to comply with privacy laws.

GDPR Articles Cited

Art. 6 GDPR
Art. 13 GDPR
Art. 5(1)(a) GDPR
Art. 5(1)(c) GDPR
Art. 12(1) GDPR

National Law Articles

Regulation on the use of camera surveillance in a business
Decision AuthorityPVN
Reviewed AuthorityDatatilsynet (Norway)
Norway enforcementDatatilsynet (Norway) actionsAll Redacted actions
Full Legal Summary
Detailed

This case is an appeal of the decision 20/01648 by the Norwegian DPA (Datatilsynet), in which it imposed a fine of NOK 100,000 (approx. €10,000). The defendant asked for the fine to be overturned or reduced significantly, due to the company's "critical financial state". The Privacy Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board agreed with the DPA that the installation of the camera was not discussed with the employees in advance, as claimed by the defendant, since there were no evidence of such discussions. The Board noted that continuously surveilling a workplace is very intrusive for the employees, and also for the customers since there were no proper signage or information about the surveillance, and finds this to be a serious violation of the GDPR. The Board agreed with the DPA in that the defendant's actions are serious and criticizable, deserving of a sanction and which justified the level of the fine. This was further substantiated by the lack of technical and organisational measures for GDPR compliance in the company.

Outcome

Court Ruling

A ruling by a national court on a data-protection matter.

Related Cases (1)

Other cases involving Redacted in NO

Current
Feb 2022

Court Ruling

Fine
Mar 2022· Datatilsynet (Norway)

An employee (the data subject) had quit their job and was supposed to assist the employer (the controller) during the notice period. However, due to d...

€9K

Details

Ruling Date

15 February 2022

Authority

Datatilsynet (Norway)

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Redacted - Norway (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: