IV. Governance issues
The services portal norway.no offers e-services to all citizens since the end of 2005.1 Since this year, the portal has been managed by a public agency entitled Norway.no, subordinate to the Ministry of Government Administration, Reform and Church Affairs. The original conception of such a portal first appeared as a project in 1999 under the government programme called "A Simpler Norway" and was launched in January 2000 in cooperation with the Norwegian Association of Local and Regional Authorities.2
The norway.no portal provides information on the public sector, structured around topics of interest (e.g., employers, jobseekers, etc.) and also includes a comprehensive inventory of Norwegian public authorities. In addition to information and services through the Internet, the norway.no agency features a citizen's help desk, which may be contacted by telephone, SMS, fax, post, email, and chat. The desk can direct users to other public agencies as well. Norway.no itself has recently been given further responsibilities on information policy in the public sector, national evaluations of public websites, supervision of conformance to accessibility guidelines and categorisation systems for public information.
There is currently a pilot project on online voting in Norway. In 2011 voters in 10 municipalities (out of a total of 431) will be able to use the system, but it is not clear yet how extensively it will be used in the future. While many politicians think online voting will make voting more popular with young people, others fear that it may lead to the buying and selling of votes, and that family members may unduly influence each other. A recent proposal from the political party HÃ¸yre (Conservative), suggests that even if the pilot is successful the technology should only be used by people with special needs.3 The Government has set up an information site4 and a blog5 on e-voting. The blog is open for debate by the public.
Norway first introduced comprehensive legislation on open government in the form of the 1970 Act on Public Access to Documents in the (Public) Administration, which provided for a broad right of public access to government-held records. That legislation was repealed and replaced in 2006 by a new Act which contains broadly similar provisions as the old Act but in a more technology-neutral form.6 The legislation does not apply to records held by the Parliament, the Office of the Auditor General, the Ombudsman for Public Administration, or other parliamentary institutions; nor to the courts. There are numerous exemptions to the right of access, including exemptions for internal documents (Sections 14-16); information that could be detrimental to the security of the realm, national defence, or relations with foreign states or international organisations (Sections 20-21); information subject to a duty of secrecy; the minutes of the Council of State, photographs of persons entered in a personal data register; complaints, reports, and other documents concerning breaches of the law; answers to examinations or similar tests (Section 26); and documents prepared by a ministry in connection with annual fiscal budgets. If access is denied, individuals can appeal to a higher authority under the act and then to a court.
In May 2010 a portal (Offentleg elektronisk postjournal, OEP) where you can search for public documents from all parts of government administration was launched. Previously, the press had access to such a portal for the majority of the ministries, but with the new portal the general public is allowed the same rights, and the portal is extended to all ministries and the cabinet office.9
All documents sent from ministries, directorates and state agencies are indexed and stored in an online database. Through OEP, anyone can access the database, search for a document of their interest and order it. This order will then be sent to the public agency responsible for the document; it will be considered as a disclosure request. The user will receive an answer to their request directly from the public agency in charge of the document. When a request is rejected, information about the right to appeal against refusals and the time limit will appear in the refusal message. On another note, the responsible public agencies have an obligation to consider that the principles of public openness and confidentiality apply only to the information, not to the entire document.10 In order to protect the individual citizen's privacy, it is not possible to search for all documents related to one individual. Documents that contain sensitive information are either withheld from public altogether, or the sensitive parts are redacted.
In 2007 the Norwegian Government appointed a Privacy Commission which had as its primary remit (i) to stimulate societal discussion about privacy issues, (ii) to assess the challenges facing protection of personal privacy, and (iii) to recommend measures to meet those challenges. The Commission's report was published in early 2009.11 It contains a large number of proposals, including: (i) introducing more explicit and direct provisions on privacy and data protection in the Constitution, (ii) encouraging possibilities for transactional anonymity, (iii) placing a moratorium on the establishment of health registers until a thorough analysis of the privacy implications of existing registers is undertaken, (iv) scaling back the online availability of personal income data, and (v) promoting greater use of privacy impact assessments. The Government is presently considering these proposals. Some proposals have already been acted upon. For example, the Government has established a committee to examine media liability issues with respect to new media platforms, as recommended by the Commission.
Sandok, the Norwegian Armed Forces Health Register came into force in 2006.12 The register may contain personal, service and health data about Defence personnel; information about physical and social environments; and health information â€“ all obtained without the person's consent.13
The Ministry of Government Administration, Reform and Church Affairs has developed guidelines for public privacy impact assessments.14 The guidelines are a supplement to the Instructions for Official Studies and Reports.15 The purpose of these instructions is to ensure the proper preparation and administration of all work relating to official reforms, amendments to regulations, and other measures. The guidelines for privacy impact assessment are meant to help in evaluating which cases require a privacy impact assessment, and to provide instructions for how to conduct such an assessment.
Non-government organisations' advocacy work
In 2009 organisations such as Electronic Frontier Foundation Norway (EFN) were very active in opposing the implementation of the Data Retention Directive into Norwegian law.16 In addition, quite a few "ad hoc" organisations/movements such as "Stopp datalagringsdirektivet" ("stop the data retention directive") emerged.17 It is also noteworthy that the Privacy Commission appointed by the Government in 2007 expressed strong scepticism about implementing the Data Retention Directive, raising serious questions about the proportionality of the Directiveâ€™s requirements.18
In general, privacy advocacy in Norway has been handled by the Data Inspectorate. Norway does not have a strong tradition of NGOs working with privacy issues.
International obligations and International cooperation
Norway has signed and ratified the 1966 UN International Covenant on Civil and Political Rights (ICCPR) and its First Optional Protocol, which establishes an individual complaint mechanism.19
Norway is a member of the Council of Europe (CoE) and has signed and ratified the European Convention on Human Rights.20 It has signed and ratified the CoE's Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) and has signed its Additional protocol (ETS No. 181).21 It has also signed and ratified the CoE's Convention on Cybercrime.22
Moreover, Norway is a member of the Organisation for Economic Cooperation and Development (OECD). It has adopted the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (1980), together with the OECD Guidelines for Cryptography Policy (1997) and Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (2002).23
- 1. See http://www.norway.no.
- 2. ePractice, eGovernment Factsheet â€“ Norway â€“ Infrastructure (May 2010), available at http://www.epractice.eu/en/document/288463.
- 3. Dokument 8:128 S (2009â€“2010), available at http://www.stortinget.no/no/Saker-og-publikasjoner/Publikasjoner/Represe....
- 4. See http://www.stortinget.no/no/Saker-og-publikasjoner/Publikasjoner/Represe....
- 5. See http://www.e-valgbloggen.no/.
- 6. Act of 19 May 2006 No. 16 amended in January 2009, available in English at http://www.ub.uio.no/ujur/ulovdata/lov-20060519-016-eng.pdf. The primary right of access is set out in Section 3.
- 7. Full text in English available at http://ec.europa.eu/information_society/policy/psi/docs/pdfs/directive/p....
- 8. Act of 19 May 2006 No.16, supra.
- 9. See http://oep.no/nettsted/fad.
- 10. ePractice, eGovernment Factsheet â€“ Norway â€“ Infrastructure, supra.
- 11. NOU 2009:1, supra.
- 12. Ot. Prp. 60 (2003-2004) Om lov om personell i forsvaret (Legal Proposition to Parliament No. 60 (2003.2004) on the Defence Personnel Act), Chapter 9.6.3, available in Norwegian at http://www.regjeringen.no/nb/dep/fd/dok/regpubl/otprp/20032004/otprp-nr-....
- 13. Id.
- 14. The Ministry for Government Administration, Reform and Church Affairs (2008), Vurdering av personvernkonsekvenser (Privacy Impact Assessment), available at http://www.regjeringen.no/upload/FAD/Vedlegg/Statsforvaltning/Personvern....
- 15. The Ministry for Government Administration, Reform and Church Affairs (2005), Instructions for Official Studies and Reports, at http://www.regjeringen.no/upload/FAD/Vedlegg/Statsforvaltning/Utrednings....
- 16. EFN's response to the hearing on the implementation of the Data Retention Directive, available in Norwegian at http://efn.no/dld-hoeringsuttalelse2010.html.
- 17. See Stopp datalagringsdirektivet's homepage, at http://stoppdld.no/om-initiativet/.
- 18. NOU 2009:1 supra, particularly Chapter 17.
- 19. Norway has signed the ICCPR and its First Optional Protocol on 20 March 1968 and ratified them on 13 September 1972. The texts of the Covenant and of its First Optional Protocol are available at http://www2.ohchr.org/english/law/index.htm.
- 20. Signed 11 November 1950; ratified 15 January 1952; entered into force 3 September 1953, available together all the Conventions adopted within the CoE at http://conventions.coe.int/Treaty/Commun/ListeTraites.asp?CM=8&CL=ENG.
- 21. ETS No 108 signed 13 March 1981, ratified 20 February 1984, entered into force 1 October 1985; ETS No. 181 signed 8 November 2001,
- 22. Signed 23 November 2001, ratified 30 June 2006; entered into force 1 October 2006.
- 23. Available at http://www.oecd.org/department/0,3355,en_2649_34255_1_1_1_1_1,00.html.