Nordic data protection authorities agree on closer cooperation in information security and cross-border matters

The Nordic data protection authorities met at their annual meeting on 21-22 May 2025. The topics of the meeting included the supervision of AI solutions, information security issues and the efficient handling of matters in an increasingly complex data protection environment. In their statement, the data protection authorities agreed to strengthen cooperation on topical issues.

This year, the main topics of the Nordic meeting of data protection authorities were the processing of complaints, information security, the resources of data protection authorities and the tasks brought about by the new regulation. The meeting concluded that adequate monitoring of new data regulation, for example, requires sufficient resources, clear competences and cooperation with other authorities responsible for monitoring.

The meeting adopted a statement in which the Nordic data protection authorities agreed to step up cooperation on issues such as the handling of cross-border cases and the exchange of information and experience on topical issues. The Nordic data protection authorities consider it advisable to support the ongoing preparation in Finland of extending administrative fines to the public sector.

One of the key themes of the meeting was the use of artificial intelligence in law enforcement. Data protection authorities have identified a need for closer cooperation as new AI tools are constantly being developed and deployed in law enforcement.

In addition, it was agreed to strengthen cooperation between the Nordic data protection authorities in the processing of personal data breaches. In particular, hacking has been identified as a common challenge. The authorities also discussed the possibility of creating common information security guidelines and intensifying their communication cooperation.

Information and experiences were also shared on certification and codes of conduct, new technologies and regulatory test environments, and cloud solutions. In their statement, the data protection authorities stressed that all cloud solutions deployed must meet data protection requirements.

In addition, it was agreed to continue cooperation in strengthening the data protection of children and young people. The topic is one of the common priorities of the authorities and recurring topics of Nordic meetings.

The data protection authorities of Finland, Sweden, Norway, Iceland and the Åland Islands participated in the meeting hosted by Denmark and the Faroe Islands. Nordic meetings of data protection authorities have been held since 1988. The aim of the meetings is to discuss current data protection issues and to exchange best practices. The last meeting took place in Oslo in May 2024.

Additional information:

​​​​​​​Tórshavn Declaration (pdf)

Press release by the Danish data protection authority in Danish on the authority’s website: Fælles erklæring fra de nordiske datatilsyns møde i Thorshavn (26.5.2025)