Norway: Data Protection Authority published guidance on cross-border data transfer to United States of America clarifying the adequacy decision with European Union

On 26 February 2025, the Norwegian Data Protection Authority published a guidance on cross-border data transfers to the United States of America (US). The guidance addresses the implementation of existing regulations under the cross-border data transfer framework, highlighting the implications of sending personal data to the US, in light of recent updates concerning the Privacy and Civil Liberties Oversight Board (PCLOB). The guidance highlighted that the framework remains in place, allowing transfers to US entities listed under the framework. However, recent changes to the PCLOB have raised concerns with several board members being removed, leaving the body without a quorum. The guidance highlighted that US laws designed to protect personal data remain in force. Businesses relying on US-based services should prepare an exit strategy. It was also highlighted that if the adequacy decision is revoked, restrictions could take effect immediately, with no transition period.