country: Norway
framework: GDPR
region: EEA
language: nb
version: 2024-06
status: published
last_updated: 2025-06-30
source_verified: true
authority: Datatilsynet – Norwegian Data Protection Authority
notes:
- Norway is part of the EEA and applies GDPR through the incorporation of Regulation
  (EU) 2016/679 into Norwegian law via the Personal Data Act (Personopplysningsloven)
  of 2018.
- The Norwegian Datatilsynet issues guidance on workplace surveillance, children's
  data, biometric access systems, and data portability.
categories:
- name: Full Name
  type: direct_identifier
  subtype: personal_name
  required_masking: true
  tags:
  - pii
  citations:
  - regulation: GDPR
    article: 4(1)
  category_tags:
  - core
  - identity
- name: Email Address
  type: direct_identifier
  subtype: digital_contact
  required_masking: true
  tags:
  - pii
  citations:
  - regulation: GDPR
    article: 4(1)
  category_tags:
  - core
  - contact
- name: Phone Number
  type: direct_identifier
  subtype: telecom_contact
  required_masking: true
  tags:
  - pii
  citations:
  - regulation: GDPR
    article: 4(1)
  category_tags:
  - core
  - contact
- name: IP Address
  type: indirect_identifier
  subtype: network_identifier
  required_masking: true
  tags:
  - tracking
  citations:
  - regulation: GDPR
    recital: '30'
  - authority: Datatilsynet
    guideline: Informasjonskapsler og sporing
    url: https://www.datatilsynet.no/personvern-pa-ulike-omrader/internett-og-apper/informasjonskapsler-cookies/
  category_tags:
  - digital
  - behavioral
- name: Fødselsnummer (National Identity Number)
  type: national_identifier
  subtype: government_id
  required_masking: true
  tags:
  - pii
  - national_id
  - government_id
  citations:
  - regulation: GDPR
    article: '87'
  - national_law: Personopplysningsloven (2018)
    section: '12'
    description: Restricts processing of the national ID number unless legally justified
  category_tags:
  - identity
  - sensitive
- name: Health Data (medical treatments, patient history)
  type: special_category
  subtype: health
  required_masking: true
  tags:
  - phi
  - sensitive
  citations:
  - regulation: GDPR
    article: 9(1)
  - authority: Datatilsynet
    guideline: Helse og personvern
    url: https://www.datatilsynet.no/personvern-pa-ulike-omrader/helse-og-omsorg/
  category_tags:
  - health
  - sensitive
- name: Biometric Data (fingerprint, iris, facial geometry)
  type: special_category
  subtype: biometric
  required_masking: true
  tags:
  - biometric
  - sensitive
  citations:
  - regulation: GDPR
    article: 9(1)
  - authority: Datatilsynet
    guideline: Biometriske data
    url: https://www.datatilsynet.no/personvern-pa-ulike-omrader/arbeidsliv/biometriske-tilgangskontroller/
  category_tags:
  - biometric
  - sensitive
- name: Location Data (workplace GPS, transit logs)
  type: behavioral
  subtype: geolocation
  required_masking: true
  tags:
  - tracking
  citations:
  - regulation: GDPR
    article: 4(1)
  category_tags:
  - tracking
  - digital
- name: Cookie Identifiers / Behavioral Trackers
  type: indirect_identifier
  subtype: device_id
  required_masking: true
  tags:
  - tracking
  - online_identifier
  - pii
  citations:
  - regulation: GDPR
    recital: '30'
  - authority: Datatilsynet
    guideline: Cookies og samtykke
    url: https://www.datatilsynet.no/personvern-pa-ulike-omrader/internett-og-apper/informasjonskapsler-cookies/
  category_tags:
  - tracking
  - digital
- name: Employment Records (working hours, camera footage, contracts)
  type: contextual_identifier
  subtype: hr_data
  required_masking: true
  tags:
  - pii
  - hr_data
  - workplace_monitoring
  citations:
  - regulation: GDPR
    article: '88'
  - national_law: Arbeidsmiljøloven (Working Environment Act)
    section: 9-5
    description: Governs employer monitoring of employees and workplace surveillance
  category_tags:
  - employment
  - sensitive