Data Privacy (GDPR)
The Personal Data Act [Act of 14 April 2000 no. 31] requires those who obtain information for registration / processing to inform that this is being done. In connection with the execution of a sentence / stay in custody, the Prison and Probation Service will collect personal information about the prisoner.
The purpose of obtaining such information is to facilitate a satisfactory execution of sentences, which ensures the inmate satisfactory conditions, cf. § 2. The information is used for e.g. individual risk assessments and assessment of other safety issues. The personal information will also be used in connection with the facilitation of the execution of the sentence, for example in assessments of applications from the prisoner for leave and release and so on.
In addition to information provided by inmates themselves, the Prison and Probation Service generally requests such personal information from the police / prosecution authority, the population register, the Norwegian Labor and Welfare Administration, health professional units and treatment and care institutions. Any information about previous penalties may also be used. In some cases, information will also be obtained from the child welfare service, the immigration authorities and embassies or other similar agencies, which hold personal information about the prisoner that the prison service needs to carry out its work.
The information is registered in the prison service's archive system.
If the purpose so requires, personal information may be passed on to other administrative bodies such as the police, NAV and health authorities, etc., in line with the Public Administration Act, Chapter 3. Personal information may also be passed on to others with the consent of the prisoner.
The Personal Data Act requires the data controller to delete registered personal data when the purpose lapses, including in accordance with the Archives Act
The prisoner has the right to access the personal data that is obtained, with the restrictions that follow from the Personal Data Act § 23. The prisoner has the right to demand correction of personal data that is incorrect, incomplete or which it is not allowed to process, cf. the Personal Data Act § 27. Any request for access is submitted to the prison director.