Why US-based companies should care about the Norway DPA's interpretation of GDPR consent

by Odia Kagan - IAPP

U.S.-based companies and regulators should fully understand the impact of a decision from Norway’s data protection authority, Datatilyset, regarding how consent is “done,” what constitutes special category data and what “manifestly made public” means. With the new U.S. privacy laws in California, Virginia and Colorado borrowing the definitions of “consent” and “sensitive data” verbatim from EU General Data Protection Regulation, as well as adopting a consumer intent-based standard for determining what constitutes “publicly available information,” the devil will be in the details of how these get interpreted. 

Read more: https://iapp.org/news/a/why-should-us-based-companies-care-about-this-recent-decision-in-norway/