Norway: Implemented Electronic Communications Act (Prop. 93 LS) including data protection regulation

On 1 January 2025, the Electronic Communications Act, including data protection regulation, enters into force. The Act specifies guidelines for data retention, deletion, and anonymisation, with the intention of enhancing transparency and responsibility in the handling of user data. Service providers are obliged to provide information regarding the storage, protection, and management of user data. The Act introduces modifications to the criteria for cookie consent, aligning it with the General Data Protection Regulation (EU GDPR) standards. The Act aims to harmonise the rights of Norwegian users with those across the European Economic Area, ensuring simplicity in both accepting and rejecting cookies. The provision applies to all types of information stored or accessed, whether personal or not, and is technology-neutral. Finally, the Act lists exceptions to the consent requirement, such as when cookies are necessary for transmitting communications or providing a service requested by the user.