Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


IV. Governance issues


The services portal offers e-services to all citizens since the end of 2005.1 Since this year, the portal has been managed by a public agency entitled, subordinate to the Ministry of Government Administration, Reform and Church Affairs. The original conception of such a portal first appeared as a project in 1999 under the government programme called "A Simpler Norway" and was launched in January 2000 in cooperation with the Norwegian Association of Local and Regional Authorities.2

The portal provides information on the public sector, structured around topics of interest (e.g., employers, jobseekers, etc.) and also includes a comprehensive inventory of Norwegian public authorities. In addition to information and services through the Internet, the agency features a citizen's help desk, which may be contacted by telephone, SMS, fax, post, email, and chat. The desk can direct users to other public agencies as well. itself has recently been given further responsibilities on information policy in the public sector, national evaluations of public websites, supervision of conformance to accessibility guidelines and categorisation systems for public information.

There is currently a pilot project on online voting in Norway. In 2011 voters in 10 municipalities (out of a total of 431) will be able to use the system, but it is not clear yet how extensively it will be used in the future. While many politicians think online voting will make voting more popular with young people, others fear that it may lead to the buying and selling of votes, and that family members may unduly influence each other. A recent proposal from the political party Høyre (Conservative), suggests that even if the pilot is successful the technology should only be used by people with special needs.3 The Government has set up an information site4 and a blog5 on e-voting. The blog is open for debate by the public.

Open government

Norway first introduced comprehensive legislation on open government in the form of the 1970 Act on Public Access to Documents in the (Public) Administration, which provided for a broad right of public access to government-held records. That legislation was repealed and replaced in 2006 by a new Act which contains broadly similar provisions as the old Act but in a more technology-neutral form.6 The legislation does not apply to records held by the Parliament, the Office of the Auditor General, the Ombudsman for Public Administration, or other parliamentary institutions; nor to the courts. There are numerous exemptions to the right of access, including exemptions for internal documents (Sections 14-16); information that could be detrimental to the security of the realm, national defence, or relations with foreign states or international organisations (Sections 20-21); information subject to a duty of secrecy; the minutes of the Council of State, photographs of persons entered in a personal data register; complaints, reports, and other documents concerning breaches of the law; answers to examinations or similar tests (Section 26); and documents prepared by a ministry in connection with annual fiscal budgets. If access is denied, individuals can appeal to a higher authority under the act and then to a court.

The EU Directive on Public Sector Information7 was implemented into Norwegian law in January 2009.8 Implementation is reflected in the above-cited legislation on open government.

In May 2010 a portal (Offentleg elektronisk postjournal, OEP) where you can search for public documents from all parts of government administration was launched. Previously, the press had access to such a portal for the majority of the ministries, but with the new portal the general public is allowed the same rights, and the portal is extended to all ministries and the cabinet office.9

All documents sent from ministries, directorates and state agencies are indexed and stored in an online database. Through OEP, anyone can access the database, search for a document of their interest and order it. This order will then be sent to the public agency responsible for the document; it will be considered as a disclosure request. The user will receive an answer to their request directly from the public agency in charge of the document. When a request is rejected, information about the right to appeal against refusals and the time limit will appear in the refusal message. On another note, the responsible public agencies have an obligation to consider that the principles of public openness and confidentiality apply only to the information, not to the entire document.10 In order to protect the individual citizen's privacy, it is not possible to search for all documents related to one individual. Documents that contain sensitive information are either withheld from public altogether, or the sensitive parts are redacted.

Other developmetns

In 2007 the Norwegian Government appointed a Privacy Commission which had as its primary remit (i) to stimulate societal discussion about privacy issues, (ii) to assess the challenges facing protection of personal privacy, and (iii) to recommend measures to meet those challenges. The Commission's report was published in early 2009.11 It contains a large number of proposals, including: (i) introducing more explicit and direct provisions on privacy and data protection in the Constitution, (ii) encouraging possibilities for transactional anonymity, (iii) placing a moratorium on the establishment of health registers until a thorough analysis of the privacy implications of existing registers is undertaken, (iv) scaling back the online availability of personal income data, and (v) promoting greater use of privacy impact assessments. The Government is presently considering these proposals. Some proposals have already been acted upon. For example, the Government has established a committee to examine media liability issues with respect to new media platforms, as recommended by the Commission.

Sandok, the Norwegian Armed Forces Health Register came into force in 2006.12 The register may contain personal, service and health data about Defence personnel; information about physical and social environments; and health information – all obtained without the person's consent.13

The Ministry of Government Administration, Reform and Church Affairs has developed guidelines for public privacy impact assessments.14 The guidelines are a supplement to the Instructions for Official Studies and Reports.15 The purpose of these instructions is to ensure the proper preparation and administration of all work relating to official reforms, amendments to regulations, and other measures. The guidelines for privacy impact assessment are meant to help in evaluating which cases require a privacy impact assessment, and to provide instructions for how to conduct such an assessment.

Non-government organisations' advocacy work

In 2009 organisations such as Electronic Frontier Foundation Norway (EFN) were very active in opposing the implementation of the Data Retention Directive into Norwegian law.16 In addition, quite a few "ad hoc" organisations/movements such as "Stopp datalagringsdirektivet" ("stop the data retention directive") emerged.17 It is also noteworthy that the Privacy Commission appointed by the Government in 2007 expressed strong scepticism about implementing the Data Retention Directive, raising serious questions about the proportionality of the Directive’s requirements.18

In general, privacy advocacy in Norway has been handled by the Data Inspectorate. Norway does not have a strong tradition of NGOs working with privacy issues.

International obligations and International cooperation

Norway has signed and ratified the 1966 UN International Covenant on Civil and Political Rights (ICCPR) and its First Optional Protocol, which establishes an individual complaint mechanism.19

Norway is a member of the Council of Europe (CoE) and has signed and ratified the European Convention on Human Rights.20 It has signed and ratified the CoE's Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) and has signed its Additional protocol (ETS No. 181).21 It has also signed and ratified the CoE's Convention on Cybercrime.22

Moreover, Norway is a member of the Organisation for Economic Cooperation and Development (OECD). It has adopted the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (1980), together with the OECD Guidelines for Cryptography Policy (1997) and Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (2002).23