The Norwegian SA fines Recover AS for violation of privacy

20 January 2023

Background information

  • Date of final decision: 09 September 2022          
  • National case
  • Controller: Recover AS
  • Legal Reference: Lawfulness of processing (Article 6)
  • Decision: Infringement of the GDPR and fine imposed
  • Key words: Credit ratings, special categories of data


Summary of the Decision


Origin of the case

The background to the fine is a complaint from a private individual who was subjected to a credit assessment without any form of customer relationship or other connection to the company Recover AS.


Key Findings

A credit rating is the result of a compilation of personal data from many different sources and indicates the likelihood of a person being able to pay an outstanding claim. A credit rating will also include detailed information concerning the person's financial situation, such as any payment remarks, debt-to-income ratio and whether the person has any mortgages/liens. The Norwegian Supervisory Authority, SA takes these matters seriously, and normally issue fines for this type of infraction.



The Norwegian SA has fined Recover AS EUR 20,000 for non-compliance. The matter concerns a credit rating performed without legal basis.


For further information:

The news published here does not constitute official EDPB communication, nor an EDPB endorsement. This news item was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. Any questions regarding this news item should be directed to the supervisory authority concerned.