Datatilsynet, the data protection authority in Norway, has voiced an opinion against a proposal from the ministry of justice and emergency preparedness to store air passenger information for five years. The DPA regards that as too long.

The suggested rule change is intended to toughen up Norway’s defences against terrorism and serious crime.

But it also means the police can apply to identify persons, who previously did not have a known connection to terrorism or serious crime, for up to five years after a flight.

Those “big data searches” will be carried out without independent prior control, according to Datatilsynet. The information will include name, address, telephone, e-mail address, itinerary, names of people traveling together, seat number, booking history, payment information, luggage information, passport number and nationality.

“The proposal will mean that almost all Norwegian residents will be subject to investigation by the police simply because they have been traveling abroad,” said the DPA’s director, Bjorn Erik Thon.

“In a society where private actors rely on large amounts of information, it is important to be aware of what barriers there should be for government collection and use of this information.”

Datatilsynet says it understands the police’s need to know whether people coming to the country are suspected of or linked to international terrorism or other serious crime.

But it also refers to a European Commission report which showed with data collected from around one billion passengers a year there were only concrete results in 13 cases.


PrivSec Global

Make sure to register to PrivSec Global and tune into “Why the Future of Trust Must Be Built on Data Transparency.”

Speakers include:

  • Tianna Powell, Director, DPO Group
  • Karan Singh, Xandr
  • Sana Naman, Data Protection Lead, Harvey Nichols
  • Christian Lawaetz Halvorsen, CTO & Co-founder,

June 22 1pm BST | 2pm CEST | 8pm HK

Register now