Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:


Home / News
NORWEGIAN SUPERVISORY AUTHORITY: The Norwegian Authority and the Norwegian Consumer Association are fight together in order to make cookies rules stricter

NORWEGIAN SUPERVISORY AUTHORITY: The Norwegian Authority and the Norwegian Consumer Association are fight together in order to make cookies rules stricter

They are asking for changes to the proposal of a new e-legislation and to the legislation on cookies which is currently in use. The purpose is to permit to Norwegian Internet users to take back the control on their own personal information.

The Norwegian Data Protection Authority and the Norwegian Consumer Association are fighting together in order to reinforce cookies legislation

During this year, in July, the Ministry of Local Entities and the Modernization has sent a proposal for a new legislation on e-communication that, among other things, proposes changes to the provision on the consent on the usage of cookies.

The Norwegian Data Protection Authority and the Norwegian Consumer Association are cooperating each other since different years on how privacy and consumer’s protection legislations shall be used and shall complete each other with computerized business models, with the purpose to guarantee the security for consumers.

In the light of how much is important this topic in order to guarantee an everyday safe lifestyle for all the Norwegian Internet users, the Norwegian Data Protection Authority and the Norwegian Consumer Association have mixed their forces in order to present a consultation response on the proposal of regulate the usage of cookies in the e-communication legislation.

Norwegian internet users have a little privacy compared to users in the European Union or into the European Economic Area (EEA). Changes in these legislations are extraordinary and necessary.

Recollection of personal information on large scale

Anyone who has used the Internet has noticed a box on a website with a message similar to this:

“To enable you to have a better experience, we use cookies for analytical purposes and to show you advertising tailored to your preferences.”

A cookie is a small package of information that is deposited on our computer when we browse the web. Some cookies are very practical, for example those that leave a code that says we use the Norwegian language and the next time we visit the same site we get the page in Norwegian. Other cookies map in detail which pages we visit, how long we are there and what we do.

A significant part of the personal information collected about Norwegian Internet users is collected through cookies and other tracking technologies regulated by the Electronic Communications Act. A recurring theme is that this type of tracking is difficult or time-consuming for users to stop.

Today’s regulations affect Internet users’ privacy in Norway

In 2011, legislation came from the EU that stipulated that the use of cookies and similar technologies requires valid consent in accordance with privacy legislation. The aim was to give users control over their personal information. This was not the case in Norway, on the other hand.

When the Ministry of Transport and Communications was to introduce new rules in Norway in 2013, it was instead chosen to allow a preset in the browser that the user accepts cookies to be considered as consent. When the proposal came in, the Data Protection Authority said that the ministry had come up with the far worse solution.

For years, these unclear regulations have led to extensive collection of personal data with very little control and choice for users.

New proposal a step in the right direction, but consent requirement must be specified

The Ministry of Local Government and Modernisation has now proposed that consent in the Electronic Communications Act should meet the requirements for valid consent under the Privacy Ordinance.

We are confident that the Ministry is using the opportunity in this legislative work to amend the provision and put Norway on the same page as the rest of the EU and EEA. The amendment is also a good thing for companies that no longer need to comply with the different consent requirements in the Electronic Communications Act and the personal data regulations and different consent requirements in Norway and the rest of the European Union and European Economic Area.

In the consultation note, however, the Ministry has created ambiguity and confusion by stating that the consent requirement will still be met by the end user using a technical setting in the browser or equivalent in cases where this is technically possible. The Ministry has not justified how it believes that consent through technical recommendations can be implemented in practice.

In today’s market there are no technical solutions for consent through browser settings that meet the consent requirements of the Privacy Ordinance. Today’s browsers use presets, and even if this has been modified to require active action, many of the other conditions for valid consent will not be met.

The Ministry’s statements that consent can also be obtained through technical browser settings may contribute to companies unlawfully collecting and processing personal data. We therefore ask the Ministry to rectify this.

The Norwegian Data Protection Authority should have supervisory competence over the use of cookies and other tracking technologies

When collecting personal information through cookies, the e-com law regulates this, and the National Communications Authority (Nkom) supervises. The further processing of personal data, for example storage, analysis, aggregation or sharing, is regulated by the Personal Data Regulation, which is overseen by the Danish Data Protection Authority.

The Danish Data Protection Authority receives many requests concerning the use of cookies, and for a user who wishes to lodge a complaint against the way personal information about him or her is collected, the fragmented supervisory competence between Nkom and the Danish Data Protection Authority appears confusing, arbitrary and bureaucratic.

It would be much more efficient and effective if the Danish Data Protection Authority could oversee all aspects of the processing of personal data in cases where a complaint is lodged with the Data Protection Agency – including collection through cookies. The exclusion of a large part of the collection of personal data on the Internet from the supervisory authority of the Danish Data Protection Authority makes it very difficult for the Authority to fulfil its public mission.

We ask the Ministry to give the Data Protection Agency the competence to supervise the measure on the use of cookies. This should not have any impact on Nkom’s supervisory competence over the provision.

Responce to the public consultation of the Norwegian Data Protection Authority:



Recommended to you

Advanced Research