The Norwegian Data Protection Authority has provided some comments on the draft regulation on the achieving of a police certificate, information on debt and credits when working or serving for Norges Bank.
Consultation response on investigations at the Norges Bank
The proposal means that Norges Bank will have the opportunity to carry out a new processing of many personal data of its employee and other people who have the access at the Bank’s premises without consequences. This is particularly true for information on debts and crimes, which both includes personal data that need protection in which the collection is frequently pursued as inconvenience with data subjects.
The assessment of the Data Inspectorate is that a lot of changes proposed have consequences for the privacy that ask for deep assesses.
Comments of the Data Inspectorate into the proposal
- The list of crimes that need to be written in the police certificate is ampliated in relation to the applicable legislation. The Data Inspectorate considers that there is not enough importance between breaches of the road traffic Law, article 31, and the penal code, articles 191-194 and articles 299-301, and security challenges in Norges Bank that justify the need of a police certificate.
- It is mention also that information of the debt information register shall not be part of basic investigations, because they are not in compliance with the purpose of the debt information legislation. The Authority has frequently warned against the danger of purpose disclosure when collecting citizens ‘ debt information in a debt information company, and believe it is unfortunate that the purpose of the debt Information Act is extended through special legislation.
- Those to whom the regulations apply today, are proposed extended to a larger circle of people. The Norwegian Data Inspectorate believes that it is not proportionate that Norges Bank will have the opportunity to conduct such extensive background surveys by other than its employees.
Personal data worthy of protection
The Data Inspectorate asks for a clarification on when Norges Bank has the access to obtain a police certificate and debts information, that will create more predictability for data subjects and for those one will carry out assessments.
Shortly, the Data Inspectorate considers that Norges Bank interests in obtaining this personal information are not over the privacy consequences that a wider recollection of personal information worthy of protection involve.
Data Inspectorate consulation responce:
horingssvar-om-bakgrunnsundersokelser-ved-arbeid-eller-tjeneste-for-norges-bank