On 30-31 May 2024, the Nordic data protection authorities met in Oslo for their annual meeting. The purpose of the meetings is to discuss current data protection issues and exchange practices. At the meeting, a joint declaration was signed on how we will co-operate on current data protection issues.
Meetings between the Nordic data protection authorities have been organised since 1988, and this year all the Nordic countries (Denmark, Finland, the Faroe Islands, Iceland, Norway, Sweden and Åland) took part.
“The Nordic data protection authorities share the same values and face the same challenges. We will therefore continue our close co-operation and strengthen it in the future,” says Line Coll, Director of the Norwegian Data Protection Authority.
During the meeting, the Nordic data protection authorities adopted some common principles on children and online gaming. These will be published later.
In connection with the EU’s package of new laws in the digital field, the importance of avoiding fragmented supervisory structures was emphasised. If resourced, DPAs could provide practical guidance on the interaction between the GDPR and the new legislation to support innovation.
AI was also specifically discussed. Although the AI Regulation will regulate certain aspects of AI, the Regulation will continue to apply. As a rule, the development, training and use of AI will involve the processing of personal data, and it is therefore necessary to deal with both sets of rules. Data protection authorities have a number of roles to fulfil when it comes to AI, and need sufficient resources to carry out their tasks and to counteract legal uncertainty.
It was also emphasised that national legislation must ensure and support responsible AI. It is particularly important to ensure that the processing of personal data in the context of AI has a legal basis.
The importance of the general Nordic approach of imposing infringement fees on public bodies was also discussed. The data protection authorities in Finland, Åland and the Faroe Islands should also be able to impose such infringement fines.
Finally, the importance of efficiency and a risk-based approach to supervisory tasks was discussed. The data protection authorities’ resource situation continues to affect their ability to safeguard citizens’ fundamental right to privacy. The situation in Åland is particularly precarious.
The meeting concluded with the signing of a joint declaration by all data protection authorities.