Like so many of you, I arrange a fair number of meetings for various purposes. Among these are the ones I arrange for the members of my union local in my capacity as its head. Now, EU – and thus also Norwegian – data protection law clearly categorizes union membership as one of the numerous special categories of personal data. I understand this to mean that I am not allowed to share the membership list with my members.
As you may or may not be aware, GDPR (the General Data Protection Regulation) comes into effect on May 1st, 2018. From what I can tell – and the text of the regulation is fairly convoluted and hard to understand – anonymized data collection (such as IP address of visitors) needs no active consent, while non-anonymized data collection does require active consent. To this effect, I have combined and consolidated what used to be to pages – the cookie and privacy policies – into one, which you can find here.