The Norwegian SA issues one administrative fine and five reprimands for unlawful sharing of personal information through tracking pixels
Background information
- Date of final decision: 10 June 2025
- National case
- Controllers: 116111.no (Municipality of Kristiansand), apotekfordeg.no (Apotekfordeg AS), bibel.no (Det norske bibelselskap), drdropin.no (Dr.Dropin AS), ifengsel.no (Kirkens Bymisjon), nhi.no (Norsk Helseinformatikk AS)
- Legal Reference(s): Article 6 (Lawfulness of processing), Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 9 (Processing of special categories of personal data)
- Decision: administrative fine, communication order personal data breach
- Key words: administrative fine, reprimand to processor, sensitive data, children, third party access to personal data, lawfulness of processing Information
Summary of the Decision
Origin of the case
The Norwegian Data Protection Authority conducted an inspection of six websites that use tracking pixels. The purpose of the inspections was primarily to increase awareness about the use of tracking pixels on websites.
Tracking pixels is a technology that automatically sends information about those who visit a website or app to a third party. This can be information about which subpages people visit, what actions they take on the website or what they put in their shopping cart.
Key Findings
All of the websites inspected made personal data about visitors available to third parties without legal basis. The Norwegian Data Protection Authority also found breaches of the duty to provide information.
Decision
The Norwegian Data Protection Authority found that all six websites subject to inspection unlawfully shared personal data of website visitors with third parties. In several of the cases, the personal data shared were of a sensitive nature.
In one of the cases, we imposed a fine of approximately EUR 22 000. The Data Protection Authority issued reprimands to the other websites.
For further information:
- Norwegian Press Release: Ulovlig deling av personopplysninger gjennom sporingspiksler hos seks nettsteder
- English Press Release: Unlawful sharing of personal information through tracking pixels on six websites