Norway
Oslo Municipal Education Department
120,000 €
GDPR enforcement action by Norwegian Supervisory Authority (Datatilsynet) on 2019-04-29.
Rank · Sector
#39
of 357 in Public Sector and Education
Rank · Norway
#13
of 53
Rank · All fines
#432
of 3,050
Case details
- Authority
- Norwegian Supervisory Authority (Datatilsynet)
- Date
- 2019-04-29
- Controller / Processor
- Oslo Municipal Education Department
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
Fine for security vulnerabilities in a mobile messaging app developed for use in an Oslo school. The app allows parents and students to send messages to school staff. Due to insufficient technical and organizational measures to protect information security, unauthorized persons were able to log in as authorized users and gain access to personal data about students, legal representatives and employees. The fine has meanwhile been reduced to EUR 120.000, see https://edpb.europa.eu/news/national-news/2020/norwegian-data-protection-authority-imposes-fine-municipality-oslo-education_en
Open original source
Links to the regulator's original publication or another source.
Related fines
Norway
2021-12-13
6,300,000 €
ETid-950
Grindr LLC
Media, Telecoms and Broadcasting
Norway
2026-06-01
1,820,000 €
ETid-3193
Elkjøp AS
Industry and Commerce
Norway
2023-11-27
1,700,000 €
ETid-2136
Norwegian Labor and Welfare Administration
Public Sector and Education
Norway
2023-02-06
900,000 €
ETid-1656
Sats ASA
Industry and Commerce
Norway
2021-09-27
496,000 €
ETid-851
Ferde AS
Public Sector and Education
Norway
2021-10-18
412,000 €
ETid-878
Østre Toten municipality
Public Sector and Education