Human-Etisk Forbund (the Norwegian Humanist Association ) – Court Ruling (Norway, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Norway's data protection authority reprimanded the Church of Norway for accessing birth certificates without a legal basis. This ruling is important because it shows that organizations must respect privacy laws and have valid reasons for processing personal information.
What happened
The Church of Norway processed birth certificates of children without proper legal justification.
Who was affected
Families whose children were listed as members of the Church of Norway were affected.
What the authority found
The authority found that the Church violated GDPR by accessing confidential information without a legal basis.
Why this matters
This case reinforces the need for organizations to comply with privacy laws and ensure they have the right to access personal data. It serves as a warning to other organizations about the importance of lawful data processing.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Church of Norway had access to birth certificates of children. Some data subjects discovered that they or their children were listed as member of the Church of Norway. Although the state church system was abolished, and there was no legal basis for access to confidential information from the National Population Register, the data were processed by the Church of Norway. The data subjects lodged a complaint with the Norwegian DPA (Datatilsynet). In parallel, a Norwegian NGO, the Norwegian Humanist Association (Human-Etisk Forbund) filed similar complaints on behalf of five of its members. The DPA reprimanded the Church of Norway for a violation of Article 6(1) GDPR, Article 14(1)(d) GDPR, Article 14(2)(f) GDPR in conjunction with Article 12(1) GDPR. The DPA found the Church of Norway accessed and processed birth certificates for members' children from the National Population Register without a legal basis. Additionally, the Church of Norway didn’t provide its members with easy accessible information about the processing taking place. The data subject, including the ones represented by the Norwegian Humanist Association, appealed against the DPA decision with the Data Protection Board (Personvernnemnda). The data subjects stood on a position that the reprimand issued against the Church or Norway was inadequate and more severe correction measures needed to be applied by the DPA. The Data Protection Board dismissed the appeal. The aim of the appeal was to contest the measures applied by the DPA in reaction to the GDPR violation. However, the Board found no need to reconsider the appropriateness of the measure imposed by the DPA. The Privacy Appeals Board emphasised that the DPA’s choice of reaction towards a violation of the GDPR was not supposed to be influenced by data subject’s expectation of “revenge”. Hence, the data subject had no interest in the outcome of the case after the DPA's correction measure brought the processing into compliance with the GDPR.
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Human-Etisk Forbund (the Norwegian Humanist Association ) in NO
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Human-Etisk Forbund (the Norwegian Humanist Association ) - Norway (2024). Retrieved from cookiefines.eu
Last updated: