29/12/2016, 13*35 e.Proofing | Springer Page 1 of 35 http://eproofing.springer.com/books/printpage.php?token=XRJL5u4Q2w26OR7NAhlJ-wiv_Q_ZCoSpieEl_0RFSUY Exercising Access Rights in Norway Rocco Bellanova Email rocco@prio.no Stine Bergersen Email stiber@prio.org Maral Mirshahi Email maralm@stanford.edu Marit Moe-Pryce Email marit@prio.no J. Peter Burgess Email james.peter.burgess@ens.fr Peace Research Institute Oslo, Oslo, Norway Stanford University, Stanford, CA, USA ENS, Paris, France Abstract This chapter outlines the experiences of attempting to exercise one’s right of access in Norway. Using rich, ethnographic examples, this chapter tests how easy or difficult it is for a data subject based in Norway to obtain their personal data, firstly by locating the required information about organisations and their data controllers and secondly by submitting subject access requests to these organisations. The chapter reflects on the differences (if any) between public and private sector organisations in the process of responding to access requests. It also considers the potential for having submitted complaints to the national Data Protection Authority in Norway about the conduct of organisations when researchers submitted access requests to them. 10.1. Mapping the Legal and Administrative Frameworks of Access Rights in Norway 10.1.1. Introduction Norway is somehow a special case among the countries examined in this edited collection. It is the only one that is not a member of the European Union (EU), but it has implemented the Data Protection Directive. Norway has also a rather long legislative tradition in the field of data protection. Its first dedicated regulation has been adopted in the same period in which few other European countries (or 1,* 1 2 1 3 1 2 3