The Norwegian data protection authority ('Datatilsynet') announced, on 21 December 2022, that it had published a report to assist organisations on how to inform users about the use of artificial intelligence ('AI'). In particular, Datatilsynet noted that the law on personal data requires transparency on the use of AI, which means that organisations must decide not only what information on the use of AI they need to share, but also when and how to inform users. Accordingly, Datatilsynet advised to decide how to deal with the above early in the process, when an organisation is going to develop or purchase an AI tool. Specifically, Datatilsynet explained that the report outlines the most central legal requirements relating to transparency in the use of AI, and presents concrete examples, offering a to-do list to achieve transparency in AI. Moreover, Datatilsynet's Director, Line Coll, stated that, although regulations set clear requirements for transparency, they do not provide a clear recipe for how to be transparent, so that separate assessments must be made in each individual case.

Notably, Datatilsynet pointed out that trust is a recurring theme in the examples contained in the report. In this regard, Datatilsynet highlighted that, if people are to be willing to adopt solutions and share information, they must have confidence that the solution works for its purpose, while also safeguarding privacy.

You can read the statement here and the report here, both only available in Norwegian.