Details:
| Summary | The Norwegian DPA (Datatilsynet) has imposed a fine of EUR 39,000 on the Municipality of Oslo. On a website of the controller a subpoena from the public prosecutor’s office concerning the data subject had been published. The subpoena contained, among other things, personal information such as health data. The incident occurred because the subpoena was not originally classified as confidential and accordingly was not exempted from public disclosure. The document was publicly available for five hours before it was removed. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 6 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 39,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/