NORWAY
N/A
Pillar Online sales and transactions |
Indicator Ratification of the UN Convention on the Use of Electronic Communications in International Contracts
Lack of signature of the UN Convention on the Use of Electronic Communications in International Contracts
Norway has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.
Coverage Horizontal
NORWAY
Since June 2018, entry into force in July 2018
Pillar Domestic data policies |
Indicator Framework for data protection
Act on the processing of personal data (Personal Data Act) (Lov om behandling av personopplysninger (personopplysningsloven))
The Act on the Processing of Personal Data (Personal Data Act) implements the General Data Protection Regulation (GDPR) of the European Union in Norway. In addition to companies established in the EU, the Regulation applies extraterritorially to companies offering goods or services to data subjects in the EU and companies that monitor the behaviour of EU citizens (Art. 3). Norway thus has a fully established framework for the protection of personal data.
Coverage Horizontal
NORWAY
Since June 2018, entry into force in July 2018
Pillar Domestic data policies |
Indicator Requirement to perform a Data Protection Impact Assessment (DPIA) or have a data protection officer (DPO)
Act on the processing of personal data (Personal Data Act) (Lov om behandling av personopplysninger (personopplysningsloven))
The Act on the Processing of Personal Data (Personal Data Act) implements the General Data Protection Regulation (GDPR) of the European Union in Norway. The GDPR requires that organisations conducting "regular and systematic monitoring of data subjects on a large scale" or whose activities include the processing of sensitive personal data on a large scale must appoint a Data Protection Officer (DPO).
Coverage Horizontal
Source
- ttps://web.archive.org/web/20231124003851/https://lovdata.no/dokument/NL/lov/2018-06-15-38?q=gdpr
NORWAY
Since June 2018, entry into force in July 2018
Pillar Domestic data policies |
Indicator Requirement to perform a Data Protection Impact Assessment (DPIA) or have a data protection officer (DPO)
Act on the processing of personal data (Personal Data Act) (Lov om behandling av personopplysninger (personopplysningsloven))
The Act on the Processing of Personal Data (Personal Data Act) implements the General Data Protection Regulation (GDPR) of the European Union in Norway. Under the GDPR, Data Protection Impact Assessments (DPIAs) are mandatory for data processing activities that are likely to result in a high risk to the rights and freedoms of natural persons.
Coverage Horizontal
NORWAY
Since May 2003, entry into force in July 2003
Pillar Intermediary liability |
Indicator Safe harbour for intermediaries for copyright infringement
Act No. 35 Relating to Certain Aspects of Electronic Commerce and Other Information Services (Electronic Commerce Act) (Lov om visse sider av elektronisk handel og andre informasjonssamfunnstjenester (ehandelsloven))
The Act on certain aspects of electronic commerce and other information society services (e-commerce law) implements Directive 2000/31/EC (E-Commerce Directive), establishing a conditional safe harbour for Internet Service Providers (ISPs) in Norway. The limitations on liability in the Directive apply to certain clearly delimited activities carried out by internet intermediaries rather than to categories of service providers or types of information. These are caching, conducting and hosting (Sections 16–18), while Section 19 releases ISPs from monitoring obligations.
In addition, ISPs are responsible for illegal content (including copyright infringement) if they obtain knowledge or awareness that such content is present and do not expeditiously remove or restrict access to the content. As a result, many ISPs have proactively introduced user agreements to allow them to remove any controversial content – including content that is not necessarily illegal – in order to protect themselves from liability. The Ministry of Culture is working on the implementation of Directive 2019/790 on Copyright in the Digital Single Market.
In addition, ISPs are responsible for illegal content (including copyright infringement) if they obtain knowledge or awareness that such content is present and do not expeditiously remove or restrict access to the content. As a result, many ISPs have proactively introduced user agreements to allow them to remove any controversial content – including content that is not necessarily illegal – in order to protect themselves from liability. The Ministry of Culture is working on the implementation of Directive 2019/790 on Copyright in the Digital Single Market.
Coverage Internet service providers
NORWAY
Since May 2003, entry into force in July 2003
Pillar Intermediary liability |
Indicator Safe harbour for intermediaries for any activity other than copyright infringement
Act No. 35 Relating to Certain Aspects of Electronic Commerce and Other Information Services (Electronic Commerce Act) (Lov om visse sider av elektronisk handel og andre informasjonssamfunnstjenester (ehandelsloven))
The Act on certain aspects of electronic commerce and other information society services (e-commerce law) implements Directive 2000/31/EC (E-Commerce Directive), establishing a conditional safe harbour for Internet Service Providers (ISPs) in Norway. The limitations on liability in the Directive apply to certain clearly delimited activities carried out by internet intermediaries rather than to categories of service providers or types of information. These are caching, conducting and hosting (Sections 16–18), while Section 19 releases ISPs from monitoring obligations.
In addition, ISPs are responsible for illegal content (including copyright infringement) if they obtain knowledge or awareness that such content is present and do not expeditiously remove or restrict access to the content. As a result, many ISPs have proactively introduced user agreements to allow them to remove any controversial content – including content that is not necessarily illegal – in order to protect themselves from liability. Finally, Norway is obliged to implement Directive 2019/790 on Copyright in the Digital Single Market. However, it has not yet done so as of May 2022.
In addition, ISPs are responsible for illegal content (including copyright infringement) if they obtain knowledge or awareness that such content is present and do not expeditiously remove or restrict access to the content. As a result, many ISPs have proactively introduced user agreements to allow them to remove any controversial content – including content that is not necessarily illegal – in order to protect themselves from liability. Finally, Norway is obliged to implement Directive 2019/790 on Copyright in the Digital Single Market. However, it has not yet done so as of May 2022.
Coverage Internet service providers
NORWAY
Reported in 2021, last reported in 2023
Pillar Intermediary liability |
Indicator User identity requirement
Mandatory SIM card registration
It is reported that Norway imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card or a passport in case of foreigners to activate a new prepaid SIM card.
Coverage Telecommunications sector
Sources
NORWAY
Since June 2013
Pillar Quantitative trade restrictions for ICT goods and online services |
Indicator Export restrictions on ICT goods or online services
Regulations relating to the Export of Defence-Related Products, Dual-Use Items, Technology and Services
The "Regulations relating to the Export of Defence-Related Products, Dual-Use Items, Technology, and Services" harmonise Norway's export controls with those of the European Union by subscribing to the European Dual-Use Export Control Annex. The Annex identifies a range of dual-use items that face either authorisation requirements or outright bans for exportation outside of the EU.
Coverage Dual-use items
NORWAY
Since June 2018, entry into force in July 2018
Pillar Cross-border data policies |
Indicator Conditional flow regime
Act on the processing of personal data (Personal Data Act) (Lov om behandling av personopplysninger (personopplysningsloven))
The Act on the Processing of Personal Data (Personal Data Act) implements the General Data Protection Regulation (GDPR) of the European Union in Norway. In addition to companies established in the European Economic Area (EEA), the Regulation applies extraterritorially to companies offering goods or services to data subjects in the EEA and companies that monitor the behaviour of EEA citizens (Art. 3).
The Regulation mandates that data is allowed to flow freely outside the European Economic Area (EEA) only in certain circumstances listed in Chapter 5 of the Regulation. The main conditions for such a transfer are the following: the recipient jurisdiction has an adequate level of data protection; the controller adduces adequate safeguards (for instance, by using model contract clauses, binding corporate rules or other contractual arrangements); the data subject has given his/her consent explicitly; or, the transfer is necessary for the performance of a contract between the data subject and the controller.
The GDPR allows for data transfers to countries whose legal regime is deemed by the European Commission to provide for an “adequate” level of personal data protection. The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, and Uruguay as providing adequate protection. In addition, the EU-US Data Privacy Framework has acted as a self-certification system open to certain US companies for data protection compliance since July 2023.
The Regulation mandates that data is allowed to flow freely outside the European Economic Area (EEA) only in certain circumstances listed in Chapter 5 of the Regulation. The main conditions for such a transfer are the following: the recipient jurisdiction has an adequate level of data protection; the controller adduces adequate safeguards (for instance, by using model contract clauses, binding corporate rules or other contractual arrangements); the data subject has given his/her consent explicitly; or, the transfer is necessary for the performance of a contract between the data subject and the controller.
The GDPR allows for data transfers to countries whose legal regime is deemed by the European Commission to provide for an “adequate” level of personal data protection. The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, and Uruguay as providing adequate protection. In addition, the EU-US Data Privacy Framework has acted as a self-certification system open to certain US companies for data protection compliance since July 2023.
Coverage Horizontal
Sources
- https://web.archive.org/web/20231124003851/https://lovdata.no/dokument/NL/lov/2018-06-15-38?q=gdpr
- https://web.archive.org/web/20231231080658/https://gdpr-info.eu/
- https://web.archive.org/web/20220816175151/https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en
- Show more...
NORWAY
Signed in July 2021, entry into force in December 2021
Signed in June 2023, entry into force in November 2024
Signed in June 2023, entry into force in November 2024
Pillar Cross-border data policies |
Indicator Participation in trade agreements committing to open cross-border data flows
Free Trade Agreement between Iceland, the Principality of Liechtenstein and the Kingdom of Norway and the United Kingdom of Great Britain and Northern Ireland
Free Trade Agreement Between The EFTA States And The Republic of Moldova
Free Trade Agreement Between The EFTA States And The Republic of Moldova
Norway has joined two agreement with binding commitments to open transfers of data across borders. These include: Free Trade Agreement between Iceland, the Principality of Liechtenstein and the Kingdom of Norway and the United Kingdom of Great Britain and Northern Ireland (Art. 4.11.1), and the Free Trade Agreement Between The EFTA States And The Republic of Moldova (Art. 5.11)
Coverage Horizontal
Sources
- https://web.archive.org/web/20220710005929/https://www.regjeringen.no/contentassets/70cab61673f74ad88aad40dbbb96fe34/free-trade-agreement-betweeniceland-the-principality-of-liechtenstein-and-the-kingd...
- https://www.efta.int/trade-relations/free-trade-network/united-kingdom
- https://www.efta.int/trade-relations/free-trade-network/moldova
- Show more...
NORWAY
Since January 1980
Pillar Intellectual Property Rights (IPRs) |
Indicator Participation in the Patent Cooperation Treaty (PCT)
Patent Cooperation Treaty (PCT)
Norway is a party to the Patent Cooperation Treaty (PCT).
Coverage Horizontal
NORWAY
Since July 2018
Pillar Intellectual Property Rights (IPRs) |
Indicator Copyright law with clear exceptions
Act on copyright to intellectual property, etc. (Copyright Act) (Lov om opphavsrett til åndsverk mv. (åndsverkloven))
The Norwegian Copyright Act (2018) contains limited exceptions to copyright, including temporary copies, copies for private use or educational purposes, quotations, parodies, and for people with disabilities. It does not, however, contain fair use or fair dealing rights broadly defined. As a European Economic Area (EEA) member, the European acquis of copyright law also applies in Norway.
Coverage Horizontal
NORWAY
Reported in 2017, last reported in 2024
Pillar Intellectual Property Rights (IPRs) |
Indicator Enforcement of copyright online
Lack of adequate enforcement of copyright online
It has been consistently reported since 2017 that rightsholders argue the authorities have not accorded sufficient priority to cases concerning copyright infringement and internet piracy. Furthermore, research published in 2023 revealed that 22% of viewers aged 15 to 74 in Norway had illegally streamed or downloaded films or television episodes within a single month, representing an increase from 18% in 2022.
Coverage Horizontal
Sources
- https://web.archive.org/web/20241115202537/https://www.state.gov/reports/2024-investment-climate-statements/norway/
- https://web.archive.org/web/20231002224257/https://www.state.gov/reports/2017-investment-climate-statements/norway/
- https://web.archive.org/web/20230523131340/https://ttvk.fi/assets/uploads/2023/05/mediavision-nordic-piracy-2023-press-fi.pdf
- https://web.archive.org/web/20231123045158/https://ttvk.fi/mediavisionin-tutkimus-av-piratismia-harjoittavien-maara-kasvanut-jyrkasti
- https://web.archive.org/web/20230715090003/ttps://cineuropa.org/en/newsdetail/446213/
- https://web.archive.org/web/20231231200416/https://torrentfreak.com/sharp-rise-in-piracy-rates-across-sweden-denmark-finland-norway-230524/
- Show more...
NORWAY
N/A
Pillar Intellectual Property Rights (IPRs) |
Indicator Adoption of the WIPO Copyright Treaty
Lack of signature of the WIPO Copyright Treaty
Norway has not signed the World Intellectual Property Organization (WIPO) Copyright Treaty.
Coverage Horizontal
NORWAY
N/A
Pillar Intellectual Property Rights (IPRs) |
Indicator Adoption of the WIPO Performances and Phonograms Treaty
Lack of signature of the WIPO Performances and Phonograms Treaty
Norway has not signed the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.
Coverage Horizontal
