Cyber crime and laws in Norway: An overview
This is my second article in the series covering cyber laws of various countries. Through this series, the objective is to discuss what they are doing to deal with technology-facilitated crimes. The first article covered cyber crime and laws in New Zealand. In this article, I am focussing on Norway. For the past ten years, the country has maintained the highest HDI value. It topped the rankings for the happiest country in 2017. On top of this, it is one of the countries with the lowest crime rate in the world. Let’s see whether Norway has taken sufficient measures to curb the menace of cyber crimes.
Recently, Specops Software, in their research, found that the European countries are highly prone to cyber attacks. This report also found that Norway is the second safest countries as it only accounted for 1.38% of cyber attacks in Western Europe. Further, the country also paved its way in the list of top 10 countries, as per the Global Cyber Security Index (2018). On the other hand, a 2019 survey covering 886 companies found that over 45,000 cases of computer hacking, theft, and fraud were recorded. Only 1 out of 9 Norwegian organisations had an in-depth action plan.
Cyber Laws in Norway
1. The Personal Data Act, 2000
The Personal Data Act, 2000 is the primary law focussing on data protection and privacy rights of individuals. This act ensures that personal data is processed in the context of factors such as personal integrity, private life, and right to privacy. It defines personal data as “any information which relates to any person” and processing of personal data as “usage, storage, and recording of personal information of any person.” It provides for different conditions for processing personal data and sensitive personal data. Under the definition of sensitive personal data, it includes race, ethics, political opinion, philosophical and religious beliefs of a person. It also covers information about suspicion/conviction for a criminal offence, health, and sex life.
As per Section 19, a controller has to provide the following information before collecting personal data:
- Controller’s name and address
- Name and address of the controller’s representative, if any
- Purpose of data processing
- Sharing of personal data with third parties
- Details of third parties with whom personal data will be shared
You can access this act here.
2. The Penal Code, 2005
The Penal Code, 2005 provides for the protection and lawful exchange of information under Chapter 21. It prescribes punishments for acts such as:
- Intentionally procuring a password or computer program (Fine and imprisonment up to 1 year)
- Obtaining illegal access to a computer system (Fine and imprisonment up to 2 years)
- Meddling with data belonging to another person without permission (Fine and imprisonment up to 1 year)
- Possession of malware (Fine and imprisonment up to 1 year)
- Obstructing the working of an IT system or creating operational disruption (Fine and imprisonment up to 2 years)
- Violation of the right to private communication (Fine and imprisonment up to 2 years)
Cyber crime and children
Norway is one of the most technologically advanced countries with access to the internet. 86% Norwegians use Facebook daily while Snapchat is the most popular application. A Norwegian Media Authority (NMA) survey found that most of the children above 10 years of age have access to the internet. In the age group of 9 to 18, 1 out of 4 children was a victim of cyber bullying and online harassment. Further, 13% of individuals between the age group of 13 to 18 years accepted sending their nude pictures over the internet. 20% of them received sexual comments online, which were offensive in nature.
Various local news reports have noted a startling increase in online child sexual abuse in Norway. Kripos, or the National Criminal Investigation Service (NCIS), has stumbled across thousands of IP addresses involved in the dissemination of child sexual abuse material (CSAM) online. Easier access to the internet, technological developments, and the popularity of dark web are contributing factors. To read more about regulating dark web and challenges, click here.
- NCIS, in coordination with European police, is a part of the program called Police2Peer for catching the perpetrators involved in sharing of CSAM online.
- NCIS also plays the role of the national hotline for reporting the incidents of CSAM online.
- The Norwegian government has launched the Escalation Plan against violence and abuse (2017-2021) to fight against online child abuse and exploitation.
- Norwegian Data Protection Authority has started a service called SlettMeg.No or popularly known as “Delete Me.” This service works with online platforms for removing/de-linking of unwanted content.
- Barnevakten, an NGO, has started an initiative called Bruk Hue (Break Your Head) to spread cyber awareness in schools. It also helps individuals in battling online harassment.
- NMA has also initiated a project called Trygg Bruk (Safe Use) for assisting children in following good cyber security practices.
Over the years, Norway has consistently maintained its HDI ranking. While the crime rate remains in control, it is commendable to see various governmental and non-governmental initiatives. Like many countries, Norway also launched its contract tracing app called Smittestopp to control the spread of COVID-19. However, many privacy experts, including the national data protection authority, criticised the application due to its highly privacy-invasive nature. After this, the Norwegian health authorities suspended the application. To read more about India’s contact tracing app and privacy concerns, click here.
Interested in contributing to our blog and knowledge base? Write to us at email@example.com and elaborate on how you can help us in creating a safer cyber space.