Human-Etisk Forbund (the Norwegian Humanist Association ) – Court Ruling (Norway, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Church of Norway had access to birth certificates of children. Some data subjects discovered that they or their children were listed as member of the Church of Norway. Although the state church system was abolished, and there was no legal basis for access to confidential information from the National Population Register, the data were processed by the Church of Norway. The data subjects lodged a complaint with the Norwegian DPA (Datatilsynet). In parallel, a Norwegian NGO, the Norwegian Humanist Association (Human-Etisk Forbund) filed similar complaints on behalf of five of its members. The DPA reprimanded the Church of Norway for a violation of Article 6(1) GDPR, Article 14(1)(d) GDPR, Article 14(2)(f) GDPR in conjunction with Article 12(1) GDPR. The DPA found the Church of Norway accessed and processed birth certificates for members' children from the National Population Register without a legal basis. Additionally, the Church of Norway didn’t provide its members with easy accessible information about the processing taking place. The data subject, including the ones represented by the Norwegian Humanist Association, appealed against the DPA decision with the Data Protection Board (Personvernnemnda). The data subjects stood on a position that the reprimand issued against the Church or Norway was inadequate and more severe correction measures needed to be applied by the DPA. The Data Protection Board dismissed the appeal. The aim of the appeal was to contest the measures applied by the DPA in reaction to the GDPR violation. However, the Board found no need to reconsider the appropriateness of the measure imposed by the DPA. The Privacy Appeals Board emphasised that the DPA’s choice of reaction towards a violation of the GDPR was not supposed to be influenced by data subject’s expectation of “revenge”. Hence, the data subject had no interest in the outcome of the case after the DPA's correction measure brought the processing into compliance with the GDPR.
GDPR Articles Cited
The Church of Norway had access to birth certificates of children. Some data subjects discovered that they or their children were listed as member of the Church of Norway. Although the state church system was abolished, and there was no legal basis for access to confidential information from the National Population Register, the data were processed by the Church of Norway. The data subjects lodged a complaint with the Norwegian DPA (Datatilsynet). In parallel, a Norwegian NGO, the Norwegian Humanist Association (Human-Etisk Forbund) filed similar complaints on behalf of five of its members. The DPA reprimanded the Church of Norway for a violation of Article 6(1) GDPR, Article 14(1)(d) GDPR, Article 14(2)(f) GDPR in conjunction with Article 12(1) GDPR. The DPA found the Church of Norway accessed and processed birth certificates for members' children from the National Population Register without a legal basis. Additionally, the Church of Norway didn’t provide its members with easy accessible information about the processing taking place. The data subject, including the ones represented by the Norwegian Humanist Association, appealed against the DPA decision with the Data Protection Board (Personvernnemnda). The data subjects stood on a position that the reprimand issued against the Church or Norway was inadequate and more severe correction measures needed to be applied by the DPA. The Data Protection Board dismissed the appeal. The aim of the appeal was to contest the measures applied by the DPA in reaction to the GDPR violation. However, the Board found no need to reconsider the appropriateness of the measure imposed by the DPA. The Privacy Appeals Board emphasised that the DPA’s choice of reaction towards a violation of the GDPR was not supposed to be influenced by data subject’s expectation of “revenge”. Hence, the data subject had no interest in the outcome of the case after the DPA's correction measure brought the processing into compliance with the GDPR.
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Human-Etisk Forbund (the Norwegian Humanist Association ) in NO
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Human-Etisk Forbund (the Norwegian Humanist Association ) - Norway (2024). Retrieved from cookiefines.eu
Last updated: