Norwegian DPA fines Odin Flissenter for performing a credit check of a sole proprietorship without having a lawful basis for the processing

Oct 25, 2020

Source: European Data Protection Board

The Norwegian Data Protection Authority has issued Odin Flissenter AS (Tile distributor) an administrative fine of EUR 13 905 (NOK 150 000) for performing a credit check of a sole proprietorship without having a lawful basis for the processing. 

The background of the fine was a person filing a complaint that Odin Flissenter had performed a credit check of a sole proprietorship that did not have a customer relationship or any other connection to the company. 

The amount of the fine has been somewhat reduced compared to the notification to impose an administrative fine, because of the economic consequences that Covid-19 has had on the company. 

Credit information about a sole proprietorship is regarded as personal data, as the owner is directly identified with the enterprise, and this is directly linked to the owner’s private economy. 

Credit check ratings are built upon a compilation of personal data from several different sources, and shows a score that states the probability that a person or a sole proprietorship will be able to pay for oneself. The credit rating will also show details about the economy of the enterprise, such as payment remarks, voluntary security (for costs), and debt-to-equity ratio. 

In our evaluation of the case, we have emphasized the private character of the personal data, seeing that the data is closely linked to the private economy of the owner, and that the complainant’s privacy protection weighs heavily when this kind of personal data is being processed. We have further emphasized that the data also has been collected for purposes completely outside of the company’s line of business.

For further information, please contact the Norwegian DPA:

The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA’s website or other channels of communication, the news item is only available in English or in the Member State’s official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.

Recent news

CSC elects 2nd Deputy Coordinator

The Coordinated Supervision Committee (CSC) has elected Matej Sironic from the Slovenian Data Protection Authority (DPA) as its Deputy Coordinator for a term of two years. Sironic will be the second Deputy Coordinator, and will work along with Sebastian Hümmeler from...

read more