Personopplysningsloven

Personopplysningsloven makes GDPR applicable in Norway through the EEA Agreement and adds national provisions where GDPR allows member state flexibility. Datatilsynet (the Norwegian Data Protection Authority) supervises compliance and handles complaints.

The Norwegian Personal Data Act (Personopplysningsloven) implements GDPR in Norway through the EEA Agreement mechanism. While GDPR forms the core of Norwegian data protection law, the Act includes supplementary national rules where GDPR permits flexibility: age of consent for children’s data (13 years), national identification numbers, processing for archiving and research purposes, and employment-related processing. Datatilsynet serves as Norway’s independent supervisory authority with powers to investigate, issue orders, and impose administrative fines. The Act interacts with other Norwegian legislation including Sikkerhetsloven (national security) and Ekomloven (electronic communications), creating a comprehensive framework for data protection in Norway.