Data protection and information security
Research leader: Prof. dr. juris Dag Wiese Schartum
in collaboration with associate professor dr. juris Lee A. Bygrave
The NRCCL played an active role when, early in 1970s, two expert committee reports were put forward (by the Seip and Sandvik commissions) which later resulted in the Act relating to personal data filing systems (1978). This law was replaced by the Data Protection Act of 2000 but both laws were largely influenced by the interest theory which was developed in parallel with the two reports. A key figure was the then head of the Section for Electronic Data Processing, Prof. Knut S. Selmer who, together with Ragnar Dag Blekeli published the book Data og personvern (1977).
The NRCCL and Section for eGovernment Studies (SeGov) have long played a significant role in the research and discourse regarding data protection and many ground-breaking doctoral thesis were written. In 2001 Lee A. Bygrave defended his thesis Data Protection Law: Approaching Its Rationale, Logic and Limits, which is today regarded as an international standard work in the field of data protection. Stephen K. Karanja’s thesis Schengen Information System and Border Control Co-operation: A Transparency and Proportionality Evaluation (2006) discusses core current issues regarding on the one hand security and on the other hand data protection and human rights. That same year Rolf Riisnæs defended his thesis Digitale sertifikater og sertifikattjenester -- roller, oppgaver og ansvar which deals with information security and electronic certificates and the nature, characteristic and potential of certification services. At the same time, the thesis also looks at basic private law issues relating to liability for misrepresentation with regards to electronic certificates.
The NRCCL has also carried out research in information security since the mid-1980s, first in connection with data protection and, later on, as a more independent field of study as well. In recent years there has been research on, inter alia the legal regulation of information security, i.e. research at the borderline between information security and regulatory management (see the research area Legal Technology). Data protection issues are central to e-government, and research carried out by our students in their master dissertation have great significance in this field of research.
SeGov chairs the Forskningsforum for personvern og informasjonssikkerhet (Research Forum for data protection and information security). The Forum is a loose network of researchers in this field of study and includes a number of central research organizations and others interested in the field. Central in this collaborative network is Personvern på nettet (Data protection on the Internet) (http://www.personvern.uio.no/) which was set up in 1996 with significant support from the Department of Industry.