Netflix, Streaming Apps May Face Security Requirements in Norway – Bloomberg Law

Streaming services may face new requirements in Norway to hand over data to intelligence officials upon request, under legislation the nation’s parliament is considering.

Companies including Netflix Inc., Facebook Inc.’s WhatsApp and Microsoft Corp.’s Skype would need to retain metadata for up to 18 months and make the information available if the Oslo District Court deems it relevant to investigations.

The plan to give new powers to the nation’s intelligence service, or E-tjenesten, to access cross-border electronic communications would replace Norway’s 1998 Electronic Services Act.

Parliament is set to consider the plan next month, a Defense Ministry spokesperson said.

Services that transmit text, sound and images in streaming format would be subject to the new requirements. That means platforms such as Netflix, WhatsApp and Skype would likely need to comply, said Jeppe Songe-Moller, an attorney at the Schjodt legal firm.

The inclusion of such services “is new compared to the current law,” Songe-Moller said.

Songe-Moller said the plan may contravene safeguards related to data storage and proportionality in Europe’s privacy law, the General Data Protection Regulation.

The European Court of Human Rights may help ascertain the legality of the Norwegian plan when it considers challenges to similar legislation, including Sweden’s so-called FRA Law, he said.

Raising Objections

Norway’s Data Protection Authority, which administers Norwegian and European Union privacy laws, raised objections to the proposal in a May 25 statement. The legislation would “dramatically increase registration and monitoring” and ”essentially mean that virtually all communication channels” may be monitored, the authority said.

The plan contains “no assessment of privacy consequences” and suffers from a “lack of clarity and legal certainty,” the authority said.

The authority didn’t respond to a request for additional comment Tuesday.

The proposal’s supporters include the Norwegian Business Safety Council, a corporate crime advisory body, which said in a statement Tuesday that it expected the proposal to become law “without significant changes.”

The legislation is needed to strengthen Norway’s ability to collect foreign intelligence, Defense Minister Frank Bakke-Jensen said in an emailed statement. Access to data will be “subject to independent oversight” and the plan complies with national and international legal standards, he said.

Uros Baarlid Tosanovic, attorney at the Thommessen legal firm, said the European privacy law may not apply to intelligence services’ processing of personal data for national security.

However, the law may be challenged under the Norwegian Constitution and the European Convention on Human Rights, Tosanovic said.

“We believe that the proposal might become law relatively quickly,” he said. “However, it is difficult to predict whether it will be adopted without any significant changes.”


Leave a Reply