Norway’s Data Protection Authority (DPA) Datatilsynet has imposed a NOK 500,000 ($52,900, €46,800) penalty on Raelingen town council for errors in its use of the digital-learning platform Showbie
The local authority communicated health-related information between school and home via the app, but insufficient security was put in place to avoid users accessing the personal information of others in their group.
No necessary risk or privacy impact assessments, nor any testing was carried out before the application was used, Datatilsynet said.
Though the council argued there was no evidence any of the children had been subjected to material or non-material damage, the DPA said the security breach itself constituted a risk.
Datatilsynet’s director Bjorn Erik Thon described the case as serious because it concerned both children and health information.
Raelingen (population 18,500) is about 20km east of Norway’s capital, Oslo.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.