Faroe Islands: Authority dismisses investigation of unnamed American company
The Faroe Islands Data Protection Authority ('the Authority') published, on 21 July 2021, its statement in which it dismissed an investigation into an unnamed American company, for violations regarding security obligations, following a notification of a data breach reported by the same company.
Background to the case
In particular, the Authority reported that it had been notified by the company of a data breach.
Findings of the Authority
Further to the above, the Authority found that the company was not established in the Faroe Islands, did not offer goods or services to data subjects in the Faroe Islands, and did not monitor the behaviour of such data subjects. Therefore, the Authority held that the company did not fall within the scope of application of Act No. 80 of 7 June 2020 on the Protection of Personal Data.
In conclusion, the Authority dismissed the investigation into the data breach and did not take any further action in relation to the data breach in question.
You can read the statement, only available in Danish, here.