The Norwegian Data Protection Authority has issued Odin Flissenter AS (Tile distributor) an administrative fine of EUR 13 905 (NOK 150 000) for performing a credit check of a sole proprietorship without having a lawful basis for the processing.
The background of the fine was a person filing a complaint that Odin Flissenter had performed a credit check of a sole proprietorship that did not have a customer relationship or any other connection to the company.
The amount of the fine has been somewhat reduced compared to the notification to impose an administrative fine, because of the economic consequences that Covid-19 has had on the company.
Credit information about a sole proprietorship is regarded as personal data, as the owner is directly identified with the enterprise, and this is directly linked to the owner’s private economy.
Credit check ratings are built upon a compilation of personal data from several different sources, and shows a score that states the probability that a person or a sole proprietorship will be able to pay for oneself. The credit rating will also show details about the economy of the enterprise, such as payment remarks, voluntary security (for costs), and debt-to-equity ratio.
In our evaluation of the case, we have emphasized the private character of the personal data, seeing that the data is closely linked to the private economy of the owner, and that the complainant’s privacy protection weighs heavily when this kind of personal data is being processed. We have further emphasized that the data also has been collected for purposes completely outside of the company’s line of business.
For further information, please contact the Norwegian DPA: international@datatilsynet.no
